gemini-watermark
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
scripts/install.shscript downloads pre-built binaries and checksums from a third-party GitHub repository (easynote-cc/gemini-watermark-removal). While the script implements security checks, the binary originates from a source outside the trusted vendor list. - [COMMAND_EXECUTION]: The skill's operation involves executing a downloaded binary on the host system. Risk is partially mitigated by mandatory SHA256 verification and a security consent prompt in the installer.
- [PROMPT_INJECTION]: The skill processes untrusted image data, creating a potential surface for indirect injection if the processing binary is vulnerable. Evidence: 1. Ingestion points: Image files (SKILL.md). 2. Boundary markers: None. 3. Capability inventory: Execution of local binary. 4. Sanitization: Multi-stage detection algorithm (Spatial NCC, Gradient NCC, Variance Analysis) acting as a filter.
Audit Metadata