ai-multimodal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill requires a Google Gemini API key and correctly instructs the user to provide it via environment variables or a `.env` file. The `scripts/check_setup.py` script attempts to find this key using a centralized resolver pattern, which is a secure way to manage secrets across multiple skills without hardcoding them.
- [Indirect Prompt Injection] (LOW): Because the skill is designed to process external, untrusted media files (PDFs, images, audio, video), it inherently possesses an indirect prompt injection surface. An attacker could embed malicious instructions within a document or image metadata.
  - Ingestion points: Processing functions in `gemini_batch_process.py` and `document_converter.py` (referenced in SKILL.md).
  - Boundary markers: Not explicitly defined in the provided documentation, though typical for Gemini-based workflows.
  - Capability inventory: The skill uses `Bash`, `Read`, `Write`, and `Edit` permissions, allowing it to modify the filesystem and execute commands, which is required for media conversion and processing.
  - Sanitization: No explicit sanitization of file content is shown in the provided script logic, relying on the underlying LLM's safety guardrails.
- [Dynamic Execution] (SAFE): The `scripts/check_setup.py` script uses `__import__` to dynamically check for the presence of required Python packages. This is a standard and safe implementation for a setup verification tool.
Audit Metadata