gemini-cli
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill documents the 'run_shell_command' tool and the '--yolo' (auto-accept) flag, which enables the model to execute arbitrary shell commands without manual confirmation.
  - Evidence: 'run_shell_command' in references/commands.md; '--yolo' flag in SKILL.md and references/commands.md.
- [REMOTE_CODE_EXECUTION]: The skill describes functionality for installing extensions from external URLs and configuring Model Context Protocol (MCP) servers that run executable commands or scripts.
  - Evidence: 'gemini extension install' and 'mcpServers' configuration in references/mcp-and-extensions.md.
- [PROMPT_INJECTION]: The skill details how to override the system prompt and identifies surfaces for indirect prompt injection through external data ingestion.
  - Ingestion points: 'web_fetch', 'read_file', and '@' reference syntax in references/commands.md.
  - Boundary markers: None documented.
  - Capability inventory: 'run_shell_command', 'write_file', and extension installation.
  - Sanitization: None documented.
  - Evidence: '--system-prompt' flag in references/commands.md; 'systemPrompt' field in references/configuration.md.
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to download and install the 'gemini-cli' package from npm and Homebrew, as well as extensions from GitHub repositories.
  - Evidence: 'npm install -g @google/gemini-cli' in SKILL.md.
Audit Metadata