Skills
skills/firebase/agent-skills/developing-genkit-python/Gen Agent Trust Hub

developing-genkit-python

Fail

Audited by Gen Agent Trust Hub on Apr 23, 2026

Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Persistence mechanism detected in references/dev-workflow.md, where the skill instructs users to append export commands to their shell profile (~/.zshrc). This modifies system configuration to maintain environment state across sessions.- [REMOTE_CODE_EXECUTION]: The skill recommends installing the uv dependency manager by downloading and executing a shell script from https://astral.sh/uv/install.sh via a pipe to sh.- [PROMPT_INJECTION]: Indirect prompt injection surface identified. The skill demonstrates flows and tools (e.g., summarize and get_weather in references/examples.md) that ingest untrusted user data via Pydantic models and interpolate it into model prompts without sanitization. Evidence Chain: 1. Ingestion points: SummarizeInput.text and WeatherInput.city (referenced in references/examples.md). 2. Boundary markers: Absent in provided examples. 3. Capability inventory: Ability to call models via ai.generate and execute local code via uv run in the genkit start workflow. 4. Sanitization: Absent in the code patterns.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 23, 2026, 04:49 PM