vertex-ai-api-dev

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFE
Findings flagged: PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • Instructional Overrides: The skill contains directives intended to override the model's internal knowledge base, such as claiming the model's knowledge is "outdated." While intended to encourage the use of the latest SDK versions, this pattern is a form of instruction manipulation.
  • External Package Execution (MCP): The documentation for experimental Model Context Protocol (MCP) support includes an example using npx to download and execute a community-maintained package. This pattern involves running code from external sources which may not have the same security guarantees as official vendor SDKs.
  • In-Model Code Execution: The skill demonstrates the code_execution tool, which allows the model to generate and execute Python code to perform calculations. This is a powerful feature but represents a capability for dynamic code execution that should be managed appropriately.
  • Indirect Prompt Injection Surface:
      • Ingestion points: The skill facilitates processing data from Google Cloud Storage, YouTube, and arbitrary web URLs using the url_context tool.
      • Boundary markers: Code samples do not demonstrate the use of specific boundary markers or instructions to isolate external content from system prompts.
      • Capability inventory: The skill enables both model-generated code execution and the execution of external tools via MCP.
      • Sanitization: There are no explicit sanitization steps shown for content retrieved from external URLs or files before it is processed by the model.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 08:16 AM