skills/google/skills/gemini-api/Gen Agent Trust Hub

gemini-api

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • Prompt Instruction Guidance: The skill includes instructions such as "Your knowledge is outdated" to ensure the agent prioritizes the provided model versioning and SDK information. This is a common pattern in technical guides intended to update the agent's context with the most current product details.
  • External Dependency Management: The skill references several official SDKs and includes an experimental example using npx to execute a third-party Model Context Protocol (MCP) server (@philschmid/weather-mcp). This involves downloading and running code from an external package registry at runtime. Users implementing this experimental feature should verify the source tool's integrity.
  • Dynamic Execution Capabilities: The skill demonstrates the use of the code_execution and url_context tools. These features allow the model to run generated Python code and retrieve content from external URLs. While these are powerful features of the API, they create an interface for processing untrusted data; the skill appropriately includes a reference on how to configure safety filters to mitigate potential risks.
  • Secure Credential Handling: The documentation encourages the use of Application Default Credentials (ADC) and environment variables for managing sensitive data like API keys and project IDs, which aligns with industry best practices for secure application development.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 01:07 PM