gemini-api-dev
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
- PROMPT_INJECTION (LOW): The skill uses directive language ('Your knowledge is outdated', 'Models like gemini-2.5-*... are legacy') to attempt to override the agent's internal state. It falsely claims that current production models are deprecated and instructs the agent to use speculative or non-existent model names like 'gemini-3-pro-preview'.
- INDIRECT_PROMPT_INJECTION (LOW): The skill establishes an attack surface (Category 8) by instructing the agent to fetch and process content from an external 'llms.txt' index and associated documentation files.
- Ingestion points: https://ai.google.dev/gemini-api/docs/llms.txt and linked .md.txt files.
- Boundary markers: Absent; there are no delimiters or instructions for the agent to ignore embedded commands in the fetched data.
- Capability inventory: The agent is instructed to use the fetched data for implementing and debugging API integrations, which may involve code generation or tool usage.
- Sanitization: Absent.
- EXTERNAL_DOWNLOADS (SAFE): The skill references official Google SDKs (google-genai, @google/genai, google.golang.org/genai). These packages and the associated domains (googleapis.com, google.dev) are recognized as trusted sources per the [TRUST-SCOPE-RULE].
Audit Metadata