gemini-delegation
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill processes untrusted local data via glob patterns (e.g., @src/**/*.py) and lacks boundary markers or sanitization. Malicious instructions within analyzed files could influence agent behavior or output. Evidence: File ingestion in the Quick Start section; capabilities include gemini command execution and file writing via redirection.
- COMMAND_EXECUTION (LOW): The skill requires the gemini CLI tool to be installed and executed. While this is the intended purpose, it grants the agent the ability to run shell commands, a capability that could be abused if the input is poisoned.
Recommendations
- AI detected serious security threats