google-file-search
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill implements a Retrieval-Augmented Generation (RAG) workflow, creating an attack surface for indirect prompt injection via document content.\n
- Ingestion points: External documents (PDF, DOCX, TXT, etc.) are read and uploaded for indexing in
scripts/upload_documents.pyandtemplates/python-client.py.\n - Boundary markers: The prompt construction in
scripts/search_query.py(line 62) andtemplates/python-client.py(line 166) lacks specific delimiters (like XML tags or markdown blocks) or instructions to the model to ignore embedded instructions within retrieved grounding text.\n - Capability inventory: The skill uses the
google-genaiclient to generate content and manage file stores, allowing retrieved data to influence model outputs.\n - Sanitization: No sanitization, filtering, or validation of document content is performed prior to the indexing or retrieval process.
Audit Metadata