ask-gemini
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill grants access to the
geminiCLI via a broad Bash allowance (gemini *). While intended for development assistance, this tool possesses the capability to modify files and execute local system commands. - Indirect Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection attacks because it processes external data through the Gemini CLI without sanitization.
- Ingestion points: Positional prompt arguments in
SKILL.mdare passed directly to thegeminicommand. - Boundary markers: Absent. There are no delimiters or instructions to ignore embedded commands within the input string.
- Capability inventory: The skill allows full use of the
geminiCLI, which supports tool execution and local file access. - Sanitization: Absent. Input is interpolated into a shell command without escaping or validation.
- EXTERNAL_DOWNLOADS (SAFE): The skill requires the
geminiCLI to be pre-installed. The officialgoogle-gemini/gemini-cliis a trusted source, and the skill does not perform any unverified downloads at runtime.
Audit Metadata