Skills
skills/jchaselubitz/drill-app/gemini-api/Gen Agent Trust Hub

gemini-api

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes the @google/genai, expo-constants, and zod packages. Under [TRUST-SCOPE-RULE], findings related to @google/genai are downgraded to LOW/INFO as Google is a trusted organization.
  • [PROMPT_INJECTION] (LOW): The skill implements patterns for processing external content (Category 8), creating an indirect prompt injection surface.
  • Ingestion points: Untrusted data enters via userMessage and prompt variables in code snippets within SKILL.md.
  • Boundary markers: The provided code correctly uses the structured contents array to separate user roles from model instructions.
  • Capability inventory: The skill is designed for text generation and reasoning; it does not exhibit capabilities for file-system writes, arbitrary command execution, or non-whitelisted network exfiltration.
  • Sanitization: The skill explicitly recommends using Zod for response schema validation, providing a mitigation strategy for unexpected or malicious model outputs.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 12:38 PM