gemini-search
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill uses string interpolation to construct a shell command:
echo "<検索クエリ>" | gemini. Since the query is not escaped, shell metacharacters such as backticks, semicolons, or pipes can be used to execute arbitrary commands on the host system. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted web content.
- Ingestion points: Search results retrieved via the
geminiCLI inSKILL.md. - Boundary markers: Absent. The instructions do not use delimiters or provide a system warning to ignore instructions within the retrieved content.
- Capability inventory: Bash command execution and file system access.
- Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata