gemini-carousel
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No high-risk security patterns such as remote code execution, credential exfiltration, or unauthorized network access were detected. The skill's operations are limited to text processing and user interaction.
- [PROMPT_INJECTION]: The skill ingests untrusted user content to generate design briefs, creating a surface for indirect prompt injection. However, the risk is minimal because the skill lacks dangerous tools or system access.
- Ingestion points: User-provided content in Step 1.
- Boundary markers: No specific delimiters or instructions to ignore embedded commands are present.
- Capability inventory: Operations are restricted to text output and reading local project files (brand-kit.md, voice.md).
- Sanitization: Input content is processed without filtering or validation.
Audit Metadata