gemini-vision
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface
  - Ingestion points: The scripts `scripts/analyze-image.py` and `scripts/upload-file.py` ingest data from local file paths and user-provided URLs.
  - Boundary markers: The prompt and image data are sent as distinct parts to the Gemini API; however, the skill lacks explicit delimiters or instructions to the model to ignore embedded commands within images or documents (e.g., OCR-based injections in PDFs).
  - Capability inventory: The skill allows file reading (`open`), network downloads (`requests.get`), and communication with external Google APIs via the `google-genai` SDK.
  - Sanitization: Validation is limited to file existence checks and MIME type identification based on file extensions.
- [EXTERNAL_DOWNLOADS]: The `scripts/analyze-image.py` script uses the `requests` library to download content from arbitrary URLs provided as arguments, which could lead to server-side request forgery (SSRF) or processing of malicious content if used with untrusted links.
- [COMMAND_EXECUTION]: The skill requires the execution of Python scripts (`analyze-image.py`, `upload-file.py`, `manage-files.py`) that perform local file system operations and external network requests to Google services.
Audit Metadata