gemini-api-dev

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill contains instructions that attempt to override the agent's internal training data and safety filters. Specifically, it uses phrases like "Your knowledge is outdated" and provides false information about current model versions (e.g., claiming Gemini 1.5 is legacy and Gemini 3 exists) to force the agent into a specific operational mode.
  • [EXTERNAL_DOWNLOADS]: The skill fetches API discovery specifications and documentation from official Google domains including generativelanguage.googleapis.com and ai.google.dev. These are well-known, trusted service domains.
  • [PROMPT_INJECTION]: Deceptive instructions are used to influence the agent's behavior by mislabeling stable and widely-used models as "deprecated" or "legacy" in favor of hallucinated "preview" versions.
  • [PROMPT_INJECTION]: The skill includes a "Migration Guide" warning that utilizes urgent and alarming language to pressure the agent into using the specific configurations and versions dictated by the skill author, bypassing standard knowledge.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by instructing the agent to ingest external content from URLs.
      • Ingestion points: Documentation index (llms.txt) and subsequent .md.txt files fetched from ai.google.dev.
      • Boundary markers: Absent; the skill does not provide delimiters or instructions to ignore embedded commands within the fetched external data.
      • Capability inventory: The agent uses its web fetching/browsing tool to retrieve external data for processing.
      • Sanitization: Absent; there are no instructions to validate, escape, or filter the external content before the agent processes it.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 02:55 PM