gemini-imagegen
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted user input (text prompts and image data) which is passed to the Gemini model for processing. This is a standard risk for LLM-based tools.
- Ingestion points: User-supplied instructions and image file paths are ingested in
scripts/generate_image.py,scripts/edit_image.py,scripts/compose_images.py, and the libraryscripts/gemini_images.py. - Boundary markers: None. Input instructions and image objects are passed directly to the
google-genaiclient without explicit delimiters or system instructions to ignore embedded commands. - Capability inventory: The skill can perform network operations (connecting to the Gemini API) and file system operations (reading source images and saving generated content to disk using
PIL.Image.save()). - Sanitization: No sanitization or validation of the input text instructions is performed before they are sent to the model.
- [EXTERNAL_DOWNLOADS]: The skill downloads dependencies (
google-genaiandPillow) from official package registries. These are well-known, trusted libraries for the intended functionality. - [COMMAND_EXECUTION]: The skill provides CLI scripts that execute logic locally for image processing. These scripts use standard argument parsing and do not involve shell injection vulnerabilities.
Audit Metadata