google-gemini-file-search

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill facilitates the creation of RAG systems by ingesting untrusted external documents (PDF, Word, code) which are then processed by an LLM. This creates an attack surface where malicious instructions embedded in documents could influence the agent's behavior during queries.
  • Ingestion points: SKILL.md and README.md describe workflows for uploading files from the local filesystem to Google Gemini File Search Stores using the @google/genai SDK.
  • Boundary markers: The documentation gives no specific instructions to wrap ingested content in protective delimiters, nor to instruct the model to ignore commands embedded in documents.
  • Capability inventory: The skill utilizes file system reading (fs.createReadStream) and network operations to interact with the Google Gemini API (a trusted service).
  • Sanitization: There is no explicit mechanism described for sanitizing document content or validating that structured data does not contain natural language instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 10, 2026, 03:49 AM