gemini-integration

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
  • [SAFE]: Utilizes the official @google/generative-ai library from a trusted organization (Google) and implements recommended safety settings to filter harmful AI outputs.
  • [SAFE]: Adheres to security best practices by using environment variables for API keys and specifically warning against exposing credentials in client-side code.
  • [PROMPT_INJECTION]: Templates interpolate external data directly into model prompts, creating a surface for indirect prompt injection.
      1. Ingestion points: the analyzePDF and analyzeImage functions in SKILL.md.
      2. Boundary markers: uses Markdown headers but lacks explicit "ignore instructions" delimiters.
      3. Capability inventory: content generation through the Gemini API.
      4. Sanitization: no input escaping observed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 03:32 PM