google-gemini-embeddings
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The RAG implementation provided in templates/rag-with-vectorize.ts creates a surface for indirect prompt injection by interpolating retrieved document text directly into an LLM prompt.
  ◦ Ingestion points: Untrusted document data enters the system via the /ingest route and is retrieved during the /query route in templates/rag-with-vectorize.ts.
  ◦ Boundary markers: The prompt template does not utilize specific delimiters or instructions to isolate retrieved context from the system instructions.
  ◦ Capability inventory: The skill has the capability to perform network requests to Google Generative AI APIs for content generation.
  ◦ Sanitization: No sanitization or validation of the ingested document content is performed prior to prompt construction.
- [External Downloads] (SAFE): The skill utilizes the official @google/genai SDK and communicates with verified, standard Google API endpoints for AI services.
- [Command Execution] (SAFE): The script scripts/check-versions.sh uses the npm view command to check for package updates, which is a benign and common development practice.
Audit Metadata