gemini-embed
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill documentation includes
curlcommands targetinggenerativelanguage.googleapis.com. This is a trusted official domain for Google's API services.- [CREDENTIALS_UNSAFE] (SAFE): The skill correctly references theGOOGLE_API_KEYvia an environment variable rather than hardcoding a secret key.- [COMMAND_EXECUTION] (SAFE): The providedcurlcommands are standard API interaction examples. No malicious shell piping, arbitrary command execution, or dangerous system calls were detected.- [PROMPT_INJECTION] (SAFE): No malicious instructions, bypass attempts, or role-play markers were detected in the skill's body or metadata.- [INDIRECT_PROMPT_INJECTION] (SAFE): While the skill processes untrusted user text for embedding, it does so via a structured API call to a specific model endpoint. No exploitable side effects or missing sanitization patterns were identified that could compromise the agent's integrity.
Audit Metadata