gemini-batch
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external JSONL files containing content for AI processing. If an attacker controls the input data, they could embed malicious instructions that influence the model's behavior during batch execution.
- Ingestion points: The
scripts/create_batch.jsscript reads aninput_file(JSONL format) to be uploaded and processed. - Boundary markers: Absent. The scripts do not implement delimiters or system-level instructions to ignore potential commands embedded within the batch data.
- Capability inventory: The skill possesses the ability to read local files, upload content to Google Cloud, poll for status, and write results to the local file system via
scripts/get_results.js. - Sanitization: Absent. There is no validation or filtering of the text content within the JSONL records before they are sent for processing.
Audit Metadata