skills/miticojo/adk-skill/adk-skill/Gen Agent Trust Hub

adk-skill

Pass

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Skill provides instructions for executing shell commands for package management (pip, npm, go get, mvn), environment setup, and cloud deployment (adk deploy cloud_run).
  • [REMOTE_CODE_EXECUTION]: Documentation includes an example of a calculation tool using Python's eval() function on string input. It also provides examples of running MCP servers using npx -y, which involves downloading and executing remote packages.
  • [EXTERNAL_DOWNLOADS]: Documentation references external dependencies from public registries including PyPI (google-adk), NPM (@google/adk), and Maven (com.google.adk:google-adk).
  • [PROMPT_INJECTION]: The skill facilitates the creation of agents that ingest untrusted user data, which presents a surface for indirect prompt injection.
      • Ingestion points: User queries processed via agent logic in files like SKILL.md and agent.py.
      • Boundary markers: Missing in basic code examples, though the skill documents guardrail patterns to mitigate these risks.
      • Capability inventory: Subprocess execution via npx (MCP tools), eval() execution in tool examples, and system deployment capabilities (adk deploy).
      • Sanitization: Documentation provides examples of before_tool_callback and before_model_callback for input validation and safety checks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 10, 2026, 08:39 AM