genkit
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONNO_CODE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the Genkit CLI via a shell script ('curl -sL cli.genkit.dev | bash'). This URL is the official domain for Firebase Genkit (a Google service) and is considered a trusted source.
- [COMMAND_EXECUTION]: The documentation includes CLI command examples for starting the developer UI ('genkit start') and running flows ('genkit flow:run'), which are standard operations for the framework.
- [PROMPT_INJECTION]: The skill describes building AI workflows that process untrusted data (Indirect Prompt Injection surface). Ingestion points: Data enters through 'ai.defineFlow' input schemas. Boundary markers: Examples use Zod schemas to define expected data structures. Capability inventory: Flows use 'ai.generate' and 'ai.defineTool' to interact with models and execute logic. Sanitization: Zod validation provides a layer of input sanitization and structural checking.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data exfiltration were detected in the skill.
Audit Metadata