ai-multimodal
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials or sensitive file access detected. The
.env.examplefile correctly uses placeholders and provides security guidance for API key management.\n- Unverifiable Dependencies (SAFE): Dependencies listed inrequirements.txtare well-known, versioned packages. The coregoogle-genailibrary is from a trusted organization (Google).\n- Indirect Prompt Injection (LOW): \n - Ingestion points:
references/audio-processing.mddescribes methods for ingesting audio and document files (client.files.upload).\n - Boundary markers: Not explicitly defined in documentation snippets.\n
- Capability inventory: The skill performs analysis and transcription on ingested content.\n
- Sanitization: Not demonstrated in the provided reference materials. This is an inherent surface for multimodal skills but no active exploitation was found.
Audit Metadata