adk
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Categories checked: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The ZAI API reference describes several operations that ingest and process untrusted external data, which is a surface for indirect prompt injection.
  - Ingestion points: Methods like zai.extract, zai.answer, and zai.patch in zai-agent-reference.md accept strings and documents from potentially untrusted sources.
  - Boundary markers: The provided examples do not demonstrate the use of boundary markers or specific instructions to ignore embedded commands in input data.
  - Capability inventory: The zai.patch operation is capable of modifying project source code files based on natural language instructions.
  - Sanitization: There is no mention of input validation or sanitization processes for the data being handled by these LLM-driven tools.
- [External Downloads] (SAFE): The documentation suggests the use of the @modelcontextprotocol/inspector via npx. This is a standard utility within the Model Context Protocol ecosystem and is appropriate for the skill's context.
- [Command Execution] (SAFE): The references/mcp-server.md file documents standard CLI commands for initializing and running an MCP server (e.g., adk mcp:init), which are expected functions of a development toolkit.
Audit Metadata