google-adk-python
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (SAFE): The skill installs the 'google-adk' package from PyPI and references the 'google/adk-python' GitHub repository. Both are associated with a trusted organization ('google').
- [COMMAND_EXECUTION] (SAFE): The skill includes standard development commands such as 'pip install', 'docker build', and 'gcloud run deploy'. These are intended for environment setup and deployment of the created agents.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface detected.
- Ingestion points: Data enters the agent context through the 'google_search' tool and sub-agent delegation.
- Boundary markers: No explicit instruction delimiters or boundary markers are demonstrated in the prompt snippets.
- Capability inventory: The toolkit includes 'code_execution' and 'google_search' capabilities, as well as deployment via Cloud Run/Vertex AI.
- Sanitization: No explicit sanitization or input validation logic is shown in the examples provided.
Audit Metadata