gemini-deep-research
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection in the research query processing.
  - Ingestion points: User-provided values from the --query and --format arguments in scripts/deep_research.py are directly embedded into the API request payload.
  - Boundary markers: The script does not utilize delimiters or specific instructions to isolate user input from the rest of the agent prompt, which could allow malicious input to subvert the agent's logic.
  - Capability inventory: The Deep Research agent can perform comprehensive web searches, and the script has the capability to write results as markdown and JSON files to the local file system.
  - Sanitization: No input validation, escaping, or sanitization is performed on the user inputs before they are sent to the Google Gemini API.
Audit Metadata