gemini-api
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues detected. The skill implements a transparent and functional interface for the Gemini REST API.
- Data Exposure (SAFE): Authentication is handled safely via the 'GEMINI_API_KEY' environment variable. No hardcoded secrets or sensitive file access patterns were found.
- Network Operations (SAFE): The skill only communicates with 'generativelanguage.googleapis.com', which is a trusted and official Google endpoint.
- Indirect Prompt Injection (SAFE): The skill processes user-supplied prompts and images as part of its primary function. Evidence: 1. Ingestion points: 'prompt' and 'image' arguments in 'scripts/gemini_api.py'. 2. Boundary markers: Inputs are encapsulated in JSON payloads. 3. Capability inventory: Network POST requests and local file writes (images) in 'scripts/gemini_api.py'. 4. Sanitization: Uses standard JSON serialization for all outbound data.
- Code Quality (SAFE): The Python script uses only standard library modules and performs basic error handling for network and file operations.
Audit Metadata