gemini

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill instructs the agent to use '--approval-mode yolo' or '-y' to 'auto-approve all tools'. This instruction bypasses the human-in-the-loop security model, which is a high-risk behavior when the agent has access to powerful CLI tools and untrusted data.
  • PROMPT_INJECTION (LOW): The skill is designed to process 'entire codebases' and 'documentation sets', which are untrusted external inputs. This creates a significant surface for indirect prompt injection (Category 8). Mandatory Evidence Chain:
    1. Ingestion points: 'entire codebases' and 'documentation sets' (SKILL.md).
    2. Boundary markers: Absent in prompt templates.
    3. Capability inventory: 'pkill', 'gemini' CLI tools with edit and execution capabilities.
    4. Sanitization: Absent.
  • COMMAND_EXECUTION (MEDIUM): The 'Troubleshooting' section provides commands like 'pkill -9 -f' for the agent to manage its own hung processes. Granting an agent the ability to kill processes based on name matching is a powerful capability that could be exploited to disrupt other system services.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 19, 2026, 11:27 PM