gemini-image-generator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill depends on
google-genaiandPillow. Both are standard, well-maintained packages. Thegoogle-genaipackage is authored by Google, a trusted organization. - [CREDENTIALS_UNSAFE] (SAFE): The script correctly retrieves the API key from an environment variable (
GEMINI_API_KEY) rather than hardcoding it. A placeholder is provided in the documentation for user setup. - [DATA_EXFILTRATION] (SAFE): File access is limited to reading reference images via
PIL.Image.openand writing the generated output to a user-defined path. Network activity is confined to the official Google GenAI SDK calls. - [REMOTE_CODE_EXECUTION] (SAFE): No patterns for downloading or executing remote code or scripts were detected. The Python script uses a standard wrapper to ensure execution within a virtual environment.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes user-supplied prompts and reference images. While these are ingestion points for untrusted data, the risk is minimal as the output is a static image and the skill does not possess high-privilege capabilities like arbitrary command execution or system-wide file writes.
- Ingestion points: Command line arguments
--promptand--reference(file paths). - Boundary markers: None used; the prompt is passed directly to the
generate_contentmethod. - Capability inventory: Local file read (images), local file write (output image), and network access to Google APIs.
- Sanitization: Validates image files using the Pillow library and ensures output directories exist.
Audit Metadata