cross-fact-check
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill utilizes bash commands (
cat,gemini,echo) to read files and interact with the Gemini CLI tool. This is a functional requirement for the skill's stated purpose but represents a surface for command-line interaction. - [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). It ingests untrusted content from local files and incorporates it directly into prompts for Gemini Flash and Pro.
- Ingestion points: Document content retrieved via
cat <ファイルパス>in Step 2. - Boundary markers: Absent. The document content is piped directly into the CLI without delimiters or 'ignore' instructions.
- Capability inventory: The agent has the ability to execute shell commands and perform web searches (via Opus).
- Sanitization: None detected. The skill assumes the input file contains only data to be analyzed, not adversarial instructions.
Audit Metadata