google-adk-python
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install the `google-adk` Python package, which is the official toolkit provided by Google for agent development.
- [COMMAND_EXECUTION]: The skill demonstrates how to create and use custom tools using `Tool.from_function`, allowing the agent to execute specific Python functions as part of its reasoning process.
- [PROMPT_INJECTION]: The skill describes an architecture that processes data from external sources, which is a potential surface for indirect prompt injection.
  - Ingestion points: Data from the `google_search` tool is ingested into the agent's context.
  - Boundary markers: The provided code snippets do not explicitly show the use of delimiters or markers to separate untrusted search data from instructions.
  - Capability inventory: The agents can perform network searches and execute custom Python functions via the tool interface.
  - Sanitization: The skill does not detail explicit sanitization or validation of the data returned by the search tool before processing.
Audit Metadata