gemini-image-generator

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION | DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute local Python scripts such as run.py, auth_manager.py, and image_generator.py. This is the primary execution mechanism for the skill logic.
  • [DATA_EXFILTRATION]: The skill creates and maintains a browser session profile in data/browser_profile/ and authentication status in data/state.json. These locations contain sensitive Google authentication tokens and cookies. While they are required for the skill's operation, exposure of these files to other processes, or their exfiltration, represents a data exposure risk.
  • [PROMPT_INJECTION]: The Reference Image Mode introduces an indirect prompt injection vector. The skill analyzes user-provided images, converts the analysis to YAML, and then generates an optimized meta-prompt. This multi-step process could allow adversarial content within an image to influence the final prompt generated by the agent.
      • Ingestion points: Reference images provided via the --reference-image parameter and processed by prompt_extractor.py.
      • Boundary markers: The documentation does not specify the use of delimiters or 'ignore' instructions for the data extracted from images during prompt construction.
      • Capability inventory: The skill has access to Bash, Read, Write, Edit, Grep, and Glob tools.
      • Sanitization: There is no evidence of sanitization or validation of the extracted YAML data before it is interpolated into the meta-prompt generation phase.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 6, 2026, 06:53 AM