gemini
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it processes user-provided input strings directly through the Gemini CLI.\n
- Ingestion points: Data enters the agent context through positional prompt arguments passed to the
geminicommand as seen in SKILL.md.\n - Boundary markers: There are no explicit delimiters or boundary markers specified in the documentation to isolate external content from system instructions.\n
- Capability inventory: The skill utilizes the
geminicommand-line utility for text generation and analysis.\n - Sanitization: No sanitization, filtering, or validation of user-provided prompts is implemented or suggested.\n- [COMMAND_EXECUTION]: The skill executes the
geminibinary on the system to perform its primary functions. This is the intended behavior for the skill's operational purpose.
Audit Metadata