gemini-text
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes external data from Google Search results when the grounding feature is enabled, creating a surface for indirect prompt injection.
- Ingestion points: Web search results retrieved via the
google_searchtool inscripts/generate.py. - Boundary markers: No specific delimiters or instructions (e.g., 'ignore embedded commands') are used when presenting grounded data to the model.
- Capability inventory: The skill allows for complex text generation and data extraction.
- Sanitization: No sanitization or filtering is applied to the retrieved search content before it is processed by the model.
- [PROMPT_INJECTION]: System instructions and user prompts are passed directly to the API in
scripts/generate.pywithout additional safety framing or boundary markers to prevent model override.
Audit Metadata