vertex-ai-media-master
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface detected.
- Ingestion points: External media files (videos, images, audio) and text briefs are ingested for analysis and generation across multiple files, including
SKILL.mdandreferences/examples.md(e.g., viamodel.generate_content). - Boundary markers: Analysis of
references/examples.mdreveals that prompts provided to the models do not include delimiters or instructions to ignore embedded commands within the processed media. - Capability inventory: The skill operates in an environment with broad tool permissions including
Bash(general:*),Bash(util:*),Write,Edit, andRead, as specified in theallowed-toolsfrontmatter ofSKILL.md. - Sanitization: There is no evidence of input sanitization or filtering for instructions hidden within media metadata, transcriptions, or visual text overlays.
- [COMMAND_EXECUTION]: While the skill defines
Bashtools in its allowed-tools configuration to scope access, the combination of shell access with the processing of untrusted external content increases the potential impact of an indirect prompt injection attack.
Audit Metadata