gemini-visual

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by processing untrusted data to perform file-system operations.
  • Ingestion points: Multiple scripts (analyze_ui.py, compare_designs.py, extract_colors.py, screenshot_to_code.py) accept user-provided images, while design_from_brief.py ingests text-based design briefs through CLI arguments, files, or interactive input.
  • Boundary markers: Prompts within the scripts use structured delimiters and markdown headers (e.g., '---', 'Brief:', 'Additional Context:') to separate system instructions from user data.
  • Capability inventory: The skill possesses the capability to write various file types to the local disk, including HTML, CSS, JavaScript, JSON, Markdown, and PNG files across all its operational scripts.
  • Sanitization: The skill lacks explicit validation or sanitization of the model's response content before writing it to files, which could lead to the creation of malicious files if the underlying model is successfully manipulated by the input data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 2, 2026, 08:11 PM