gemini-live-api-dev
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- Official SDK Usage: The skill recommends the official and up-to-date Python (google-genai) and JavaScript (@google/genai) SDKs for Gemini Live API development.
- Secure Authentication Guidance: It explicitly advises against exposing API keys in client-side environments, recommending the use of ephemeral tokens instead.
- Trusted Documentation Sources: All primary documentation links and fallback URLs point to official google.dev and google.com subdomains.
- Input Processing Considerations (Indirect Prompt Injection Surface): This skill demonstrates handling untrusted user data (audio, video, text) via the send_realtime_input methods in SKILL.md (Ingestion Points). No explicit boundary markers or sanitization logic are included in the educational snippets (Boundary Markers and Sanitization absent). The skill's capabilities focus on real-time WebSocket interaction with the Gemini Live API (Capability Inventory). Developers should apply standard LLM input validation when moving to production.
Audit Metadata