Skills
skills/cexll/myclaude/gemini/Gen Agent Trust Hub

gemini

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The script scripts/gemini.py executes the 'gemini' binary using subprocess.Popen with an argument list rather than a shell string. This effectively prevents shell injection vulnerabilities.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
  • Ingestion points: Untrusted data enters the skill via the prompt argument in scripts/gemini.py.
  • Boundary markers: None. The prompt is passed directly to the CLI argument without delimiters or 'ignore' instructions.
  • Capability inventory: The skill has the capability to execute external commands (subprocess.Popen) and read/write to the filesystem via the workdir parameter.
  • Sanitization: There is no escaping or validation of the input prompt before it is passed to the Gemini model.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 05:44 PM