genkit
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the Genkit CLI using `curl -sL cli.genkit.dev | bash`. This is a documented installation pattern for an official Google/Firebase tool and targets a well-known service domain.
- [COMMAND_EXECUTION]: The skill documents various CLI commands (e.g., `genkit start`, `genkit flow:run`) for interacting with the Genkit environment and executing AI flows during development and testing.
- [PROMPT_INJECTION]: As a framework for building RAG (Retrieval-Augmented Generation) and agentic systems, the skill demonstrates patterns that ingest untrusted user input and external data, creating a surface for indirect prompt injection.
  - Ingestion points: User-provided text in `summarizeFlow`, `agentFlow`, and `ragFlow` flows; external documents retrieved via `devLocalVectorstoreRetriever`.
  - Boundary markers: Code examples use system prompts like 'Answer questions using only the provided context' to guide the LLM, though strict delimiter-based enforcement is left to the developer.
  - Capability inventory: Flows are designed to execute arbitrary logic, call external tools/APIs, and interact with databases.
  - Sanitization: The framework strongly encourages the use of Zod schemas for input and output validation.
Audit Metadata