google-gemini-embeddings
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill contains a RAG implementation template (`templates/rag-with-vectorize.ts`) that is susceptible to indirect prompt injection.
- Ingestion points: The skill ingests untrusted data through the `documents` array in the `/ingest` endpoint and the `query` string in the `/query` endpoint.
- Boundary markers: The prompt uses simple labels ("Context:" and "Question:") to separate data from instructions but lacks robust delimiters or "ignore embedded instructions" directives.
- Capability inventory: The skill has the capability to perform network operations (calling Google's Generative Language API) based on the processed context.
- Sanitization: There is no evidence of text sanitization or validation of the ingested document content before it is interpolated into the prompt for the LLM.
Audit Metadata