Skills
skills/browser-act/skills/google-image-api-skill/Gen Agent Trust Hub

google-image-api-skill

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a local Python script (scripts/google_image_api.py) to manage API requests and process results. Parameters like search keywords and region settings are passed as command-line arguments to the script.
  • [DATA_EXFILTRATION]: The script transmits search parameters to api.browseract.com and retrieves image metadata. This network activity is confined to the vendor's official API endpoint and is required for the skill's primary function of visual data extraction.
  • [PROMPT_INJECTION]: The skill processes external content retrieved from Google Images, which constitutes an indirect prompt injection surface.
  • Ingestion points: Structured image metadata is fetched from the BrowserAct API in scripts/google_image_api.py.
  • Boundary markers: The extracted metadata is printed to the standard output without specific delimiters or instructions to the agent to ignore embedded content.
  • Capability inventory: The skill has network access via the requests library and executes a local Python script.
  • Sanitization: The results are printed as either the raw string returned by the API or a JSON-encoded version of the response, with no additional filtering or escaping of the content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 03:42 PM