adk-dev-guide
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill includes instructions to treat DESIGN_SPEC.md as the primary source of truth, creating a surface for indirect prompt injection. (Ingestion points: DESIGN_SPEC.md; Boundary markers: Absent; Capability inventory: uv, adk, make, terraform, pytest, ruff; Sanitization: Absent).
- [PROMPT_INJECTION]: The skill uses directive headers like 'ALWAYS ACTIVE' and 'IMPORTANT' to prioritize guidelines and constraints.
- [COMMAND_EXECUTION]: The guide details the use of several CLI tools, including uv for Python execution, adk for agent lifecycle management, make for task automation, and terraform for infrastructure.
- [EXTERNAL_DOWNLOADS]: The skill provides commands to fetch updates and tools from the google-adk package via uvx. These references target a well-known organization and its official packages.
Audit Metadata