developing-genkit-python
Warn
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to modify shell configuration files (~/.zshrc) to persist environment variables for authentication.\n
- Evidence: Found in references/dev-workflow.md:
echo 'export GEMINI_API_KEY=your-api-key-here' >> ~/.zshrc.\n- [REMOTE_CODE_EXECUTION]: The skill fetches and executes the official installation script for theuvpackage manager from Astral's official domain.\n - Evidence: Found in references/dev-workflow.md:
curl -LsSf https://astral.sh/uv/install.sh | sh.\n- [PROMPT_INJECTION]: The skill processes untrusted user data in flows and tools without explicit sanitization or boundary markers, creating a surface for indirect prompt injection.\n - Evidence Chain:\n
- Ingestion points: Input models such as
ChatInputandSummarizeInputin references/fastapi.md and references/examples.md.\n - Boundary markers: Absent in prompt templates.\n
- Capability inventory: The agent can generate LLM responses and execute tools based on this input.\n
- Sanitization: No sanitization or validation of the input content before interpolation into prompts.
Audit Metadata