gemini-cli

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The CLI provides a 'Shell Mode' (entered by prefixing input with !) that passes commands directly to the host shell (PowerShell on Windows, Bash on Linux/macOS) with the full privileges of the user running the CLI.
  • [COMMAND_EXECUTION]: The skill documents a --yolo (or -y) flag that enables the 'auto-approve all actions' mode, in which the agent performs dangerous operations such as shell execution and file edits without asking the user for confirmation.
  • [PROMPT_INJECTION]: The skill is exposed to indirect prompt injection: it ingests untrusted data from several sources while holding high-privilege execution capabilities, so instructions embedded in that data can be acted on with the same privileges.
  • Ingestion points: Data enters the agent context through standard input (stdin), file content referenced with @ commands, and directory context supplied via the --include-directories flag.
  • Boundary markers: No explicit delimiters or instructions separate untrusted data from the agent's own instructions.
  • Capability inventory: Arbitrary shell execution (!), file modification (auto_edit mode), and API-based network access.
  • Sanitization: No input sanitization or validation mechanism is identified in the documentation.
  • [EXTERNAL_DOWNLOADS]: The skill documentation references installing a CLI utility from the npm registry using npm install -g @anthropic-ai/gemini-cli. Note that Google's Gemini CLI is published under the @google scope (@google/gemini-cli); the package name quoted here is under an unrelated scope and should be verified against the registry and its publisher before anything is installed globally.
Recommendations
  • AI detected serious security threats; treat the skill as high risk.
  • Do not run with --yolo / -y in any session that can ingest untrusted content (stdin, @ file references, --include-directories); keep per-action approval on so that shell execution and file edits are reviewed by a human before they run.
  • Limit --include-directories and @ references to directories whose contents are trusted, and treat files obtained from third parties (cloned repositories, downloads, attachments) as potential carriers of injected instructions.
  • Verify the npm package name and publisher before installing: Google's Gemini CLI is published as @google/gemini-cli, which does not match the name quoted in the skill documentation.
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 10, 2026, 01:39 AM