google-gemini-media
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the official `@google/genai` package from the npm registry and interacts with `generativelanguage.googleapis.com`. These are established, well-known services and are used here for their intended purpose.
- [COMMAND_EXECUTION]: Provided code templates include standard local file system operations using the Node.js `fs` module to save generated media files (e.g., `fs.writeFileSync("out.png", ...)`). These operations are consistent with the skill's stated purpose of media processing.
- [PROMPT_INJECTION]: The skill processes external media files for interpretation, which constitutes an indirect prompt injection surface.
  - Ingestion points: Untrusted media bytes or file URIs are passed to `generateContent` in `SKILL.md` (Sections 6, 8, 10).
  - Boundary markers: Not explicitly defined in the provided code templates.
  - Capability inventory: The skill utilizes file system writes and network operations to Google's API services.
  - Sanitization: No media-specific sanitization is implemented within the provided templates.
Audit Metadata