ian-gemini-web
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it processes external prompts and files and transmits them to an LLM. \n
- Ingestion points: Untrusted data enters via the '--prompt' argument and content from files specified in '--promptfiles'. \n
- Boundary markers: No specific delimiters or instructions to ignore embedded commands were found in the provided code. \n
- Capability inventory: The skill possesses the ability to read and write session history files ('scripts/session-store.ts') and perform network requests to Google Gemini services. \n
- Sanitization: There is no evidence of input sanitization or filtering for the prompt data before it is interpolated into the request.
Audit Metadata