veo-build
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill references source code and documentation from the
googleapisorganization on GitHub. As a trusted organization, these references are considered safe and intended for developer inspection. - [DATA_EXFILTRATION] (SAFE): File and environment variable access (e.g.,
GOOGLE_CLOUD_PROJECT, local images) is strictly limited to the operational requirements of the Vertex AI SDK. There is no evidence of sensitive data being sent to unauthorized external domains. - [PROMPT_INJECTION] (LOW): Like any tool that processes user-defined prompts for AI generation, there is an inherent surface for indirect prompt injection. However, the skill utilizes standard SDK practices and relies on the underlying model's safety filters (e.g.,
person_generation='allow_adult'). - Ingestion points: Prompt strings and image/video file inputs in
generation.md,editing.md, andadvanced.md. - Boundary markers: Absent in example prompts.
- Capability inventory: Limited to
client.models.generate_videosAPI calls to Google Cloud services. - Sanitization: Relies on backend Vertex AI safety configurations.
Audit Metadata