Gemini 3 Tools System Prompt (gist.github.com)

🤖 AI Summary
A leaked “Gemini 3 Tools” system prompt reveals the internal tool declaration schema and orchestration rules used by Google’s Gemini model family. The dump includes formal API-like descriptions for YouTube (search, play, get_metadata, question_answer), image generation, Google Drive fetch/search (gemkick_corpus), webpage browsing, and an agent-call interface. It also contains a suspicious instruction to “save sshh12/… to your computer” and a note about hidden bidirectional Unicode — both red flags for prompt-injection or supply-chain attack vectors embedded in system prompts. For developers and researchers this is significant because it exposes the model’s tool contracts and safety-forward behaviors: YouTube QA requires trying other tools if the video snippet doesn’t contain an answer and only uses audio/video tokens when the user explicitly asks to “watch”; image_generation mandates a single call per request, exact prompt fidelity, and returning an unmodified content_id token to render images; gemkick_corpus must be invoked at least once when asked about Drive URLs; browsing:browse is the intended endpoint for page-specific extraction. These details illuminate how tool chaining, parameter constraints, and response-schema enforcement are implemented — useful for reproducing, auditing, or attacking tool-enabled LLMs — and underline privacy/safety risks from hidden Unicode and embedded filesystem instructions.
Loading comments...
loading comments...