adk-agent-extension
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs users to install an extension from an unverified GitHub repository (
https://github.com/simonliu-ai-product/adk-agent-extension), bypassing trusted source protections.\n- COMMAND_EXECUTION (MEDIUM): Setup requires runningbun installandbun run build, which executes arbitrary package scripts defined in the downloaded extension.\n- REMOTE_CODE_EXECUTION (MEDIUM): The skill facilitates the execution of a downloaded JavaScript file (google-adk-agent-extension.js) by registering it as an MCP server with the local agent.\n- PROMPT_INJECTION (LOW): The skill processes untrusted data from remote ADK agents and configuration files, creating a surface for indirect prompt injection. Ingestion points:adk_agent_list.jsonand agent message responses. Boundary markers: Absent. Capability inventory: Subprocess execution (node) and network operations. Sanitization: Absent.
Audit Metadata