gemini-imagegen
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted user content which may contain instructions targeting the model or agent. \n
- Ingestion points: User prompts passed to the
contentsparameter and local image files (e.g.,input.jpg) read viaPath.read_bytes(). \n - Boundary markers: None present; user input is interpolated directly into model requests. \n
- Capability inventory: The skill writes generated image data to the local file system using
open()in write-binary mode. \n - Sanitization: No explicit sanitization or validation of input data is performed, relying instead on API-side safety filters. \n- [External Downloads] (LOW): The skill suggests installing the
google-genaipackage. Per [TRUST-SCOPE-RULE], this finding is downgraded to LOW/INFO as 'google' is a Trusted External Source. \n- [Data Exposure & Exfiltration] (SAFE): Sensitive credentials likeGEMINI_API_KEYare managed via environment variables rather than being hardcoded or requested in cleartext.
Audit Metadata