google-gemini-file-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- External Downloads (LOW): The skill references the installation of
@google/genai. This package resides within the@googlescope, which is a trusted organization. Per the [TRUST-SCOPE-RULE], this finding is downgraded to LOW. - Indirect Prompt Injection (LOW): The skill is designed to facilitate document ingestion for RAG (Retrieval-Augmented Generation), which creates an inherent surface for indirect prompt injection.
- Ingestion points: Document upload operations via
ai.fileSearchStores.uploadToFileSearchStoreinreferences/setup-guide.mdandreferences/error-catalog.md. - Boundary markers: Not present; the templates do not show specific delimiters or instructions to the agent to ignore embedded commands within the searched files.
- Capability inventory: The skill uses the Google Gemini SDK to manage file stores and perform queries; it does not contain arbitrary shell execution or file-write capabilities.
- Sanitization: No sanitization or validation logic for ingested file content is included in the provided script or documentation.
Audit Metadata