media-storage
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill integrates with Cloudflare R2 (S3-compatible storage) and Google Gemini API for image analysis. These interactions are directed to well-known, established cloud service providers.
- [DATA_EXFILTRATION]: Credential management is handled through environment variables (e.g., `R2_ACCESS_KEY_ID`, `GEMINI_API_KEY`). No sensitive keys or tokens are hardcoded within the provided files.
- [COMMAND_EXECUTION]: File operations are performed using standard, trusted libraries such as `@aws-sdk/client-s3`. Checksum calculations for deduplication use the built-in Node.js `crypto` module.
- [PROMPT_INJECTION]: The skill includes an indirect prompt injection surface where image data is sent to the Gemini API alongside a natural language prompt. However, the implementation includes a robust mitigation by validating the API response against a strict hexadecimal color regular expression (`/#[0-9A-Fa-f]{6}/`) before processing or storing the data.
Audit Metadata