developing-genkit-dart
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill recommends installing the Genkit CLI using a script piped to bash from a vendor-controlled domain (`curl -sL cli.genkit.dev | bash`) in SKILL.md. This involves the execution of remote code in the local environment.
- [COMMAND_EXECUTION]: The Model Context Protocol (MCP) features described in references/genkit_mcp.md utilize the `npx` command to dynamically launch server processes and aggregate their capabilities.
- [PROMPT_INJECTION]: The skill implements an indirect prompt injection surface via the SkillsPlugin and FilesystemPlugin documented in references/genkit_middleware.md.
  1. Ingestion points: Data enters the agent context through local files via `skillPaths` or the `read_file` tool.
  2. Boundary markers: The documentation does not specify delimiters or instructions to ignore embedded instructions for these inputs.
  3. Capability inventory: The skill includes high-privilege tools for `list_files`, `read_file`, `write_file`, and `search_and_replace` (found in references/genkit_middleware.md).
  4. Sanitization: No explicit sanitization or filtering of file content is described before interpolation into the prompt.
- [DATA_EXFILTRATION]: The FilesystemPlugin grants the agent capabilities to list, read, and write files. If the `rootDirectory` is not strictly enforced, this could allow unauthorized access to sensitive files on the host system.
- [EXTERNAL_DOWNLOADS]: The skill documents the installation of external dependencies using package managers, such as `npm install -g genkit-cli` and `dart pub add schemantic`.
Audit Metadata