gemini-image-generator
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Persistence Mechanisms (MEDIUM): The skill instructs the user to append an export command to their shell profile (~/.zshrc or ~/.bashrc). While intended for environment variable persistence, modifying shell startup files is a technique used by attackers to maintain persistence or execute malicious code in every new shell session.
- Indirect Prompt Injection (MEDIUM): The skill possesses a significant attack surface for Indirect Prompt Injection (Category 8). Ingestion points: Text prompts via -p and input images via -i. Boundary markers: Absent in provided documentation. Capability inventory: Subprocess execution (running the generation script), file system writes (outputting generated images), and network access (calling the Gemini API). Sanitization: No sanitization or validation of the input prompt or image metadata is mentioned, which could allow external content to influence the agent's behavior.
- Credential Handling (LOW): Recommends storing API keys in plaintext within shell profiles, which are often backed up, synchronized across devices, or accidentally committed to version control repositories.
Audit Metadata