adk-agent-builder
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the official
google-adkpackage and related Google Cloud SDKs from standard package registries. These are recognized as well-known resources for agent development. - [COMMAND_EXECUTION]: Utilizes bash commands for legitimate development tasks such as project scaffolding, running unit tests with
pytest, and deploying agents to Vertex AI Agent Engine via theadkCLI tool. - [CREDENTIALS_UNSAFE]: Adheres to secure practices by instructing users to manage sensitive information like API keys and webhooks through environment variables or Google Secret Manager, rather than hardcoding them in the source code.
- [DATA_EXFILTRATION]: Network operations are directed to official Google Cloud APIs for the purpose of agent deployment and management. No unauthorized data transmission to external or untrusted domains was detected.
- [PROMPT_INJECTION]: The skill defines patterns for agents to ingest data such as PR diffs and research findings. While this constitutes a potential surface for indirect prompt injection in the generated applications, the skill itself does not contain malicious instructions or bypass attempts.
Audit Metadata