gemini-imagegen

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it accepts raw text prompts and instructions from users and passes them directly to the Gemini API without sanitization or boundary markers.
      • Ingestion points: The instruction and prompt arguments in generate_image.py, edit_image.py, compose_images.py, and multi_turn_chat.py allow untrusted data to enter the agent context.
      • Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the scripts or documentation.
      • Capability inventory: The skill possesses significant capabilities, including reading local files (Image.open in all scripts), writing to the local file system (image.save), and performing network operations via the Google GenAI SDK.
      • Sanitization: No input validation, escaping, or filtering of external content is implemented before interpolation into the API calls.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 04:10 PM