Gemini Extension Authoring

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface. The MAINTENANCE.md file defines an automated update protocol that instructs the agent to browse an external website (https://geminicli.com/docs/extensions/) and update the skill's own instructions, schemas, and examples based on the findings.
      • Ingestion points: MAINTENANCE.md (web browsing and spidering of geminicli.com).
      • Boundary markers: Absent; the agent is told to "comprehensively verify" and "fix" discrepancies, implying direct adoption of external content into its logic.
      • Capability inventory: MAINTENANCE.md (writing/updating local files via the "fix them" instruction), SKILL.md (defining hooks and MCP servers that execute local shell commands).
      • Sanitization: Absent; there is no validation or escaping specified for the external content before it is used to update the skill.
  • [COMMAND_EXECUTION] (LOW): The skill provides documentation and examples for creating extensions that execute arbitrary shell commands via 'hooks' and 'MCP servers'.
      • Evidence: SKILL.md, references/hooks-schema.md, and references/extension-schema.md all describe how to configure local script execution using the ${extensionPath} variable.
      • Risk: While the skill itself is instructional, it facilitates the creation of powerful local execution environments that could be abused if an extension author includes malicious scripts.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 17, 2026, 06:37 PM