genkit
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the installation of the
genkit-cliand official plugins from the NPM registry and GitHub repositories associated with Firebase Genkit.\n- [REMOTE_CODE_EXECUTION]: Includes a setup command that fetches and executes a script fromcli.genkit.dev. This is the official installation method for the Genkit CLI tool.\n- [COMMAND_EXECUTION]: Provides instructions for running local commands such asnpx tsxfor development andfirebase deployfor production deployment.\n- [PROMPT_INJECTION]: Defines AI flows that interpolate untrusted input directly into prompts, creating an indirect prompt injection surface.\n - Ingestion points: Inputs for flows in
SKILL.md(e.g.,textinsummarizeFlow,questioninagentFlow).\n - Boundary markers: Generally absent in standard template literals; Dotprompt examples utilize
{{variable}}delimiters.\n - Capability inventory: Includes model plugin integration for network LLM calls and
dev-local-vectorstorefor local file system interaction.\n - Sanitization: Uses Zod for structural validation of inputs, but does not provide specific filtering for malicious LLM instructions.
Audit Metadata