gemini-api-integration
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Recommends installing official SDKs from Google's well-known package registries (@google/generative-ai and google-generativeai).
- [PROMPT_INJECTION]: The skill documents methods for processing untrusted user inputs and multimodal data, which represents a surface area for indirect injection.
- Ingestion points: model.generateContent and chat.sendMessage in SKILL.md.
- Boundary markers: Absent in code snippets.
- Capability inventory: Network access to Google API and local file reading.
- Sanitization: No sanitization is demonstrated in the documentation examples.
Audit Metadata