genkit-production-expert
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill scaffolding script downloads official packages from npm (
genkit,@genkit-ai/googleai,@genkit-ai/vertexai) and PyPI (firebase-genkit). These are legitimate libraries belonging to the Google and Firebase AI development ecosystem. - [COMMAND_EXECUTION]: The
scripts/init-genkit.shscript executes standard commands for project initialization, such asnpm init,npm install, andpip install. The script utilizes safe shell practices, including variable quoting and strict error handling withset -euo pipefail. - [DATA_EXFILTRATION]: No malicious data access or exfiltration patterns were identified. The skill documentation emphasizes secure practices like environment variable management and API key rotation.
- [PROMPT_INJECTION]: Instructions and metadata were scanned for injection patterns, such as behavior overrides or safety bypasses, and none were found.
- [SAFE]: The skill demonstrates a strong security posture by providing documentation on schema validation, input sanitization, and comprehensive error handling for production environments.
Audit Metadata