adk-dev-guide
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references the 'google-adk' package for development checks and setup using the 'uvx' tool. This package originates from a trusted organization (Google).
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various development commands including 'uv run', 'make playground', 'adk eval', 'pytest', 'ruff', and 'terraform import'. These are standard development operations for the intended use case.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and act upon instructions from external files like 'DESIGN_SPEC.md' and user feedback.
- Ingestion points: Reads instructions from 'DESIGN_SPEC.md', user feedback, and evaluation datasets.
- Boundary markers: The skill does not define specific boundary markers or 'ignore' instructions for the content read from 'DESIGN_SPEC.md'.
- Capability inventory: The agent has the capability to execute shell commands, run python scripts, and manage infrastructure via Terraform.
- Sanitization: No explicit sanitization or validation logic is defined for the content ingested from external specification files.
Audit Metadata