gemini
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted external data such as entire codebases and documentation sets.
- Ingestion points: Data enters the context via the gemini command when analyzing directories or files specified in the prompt or via include-directories (found in SKILL.md).
- Boundary markers: Absent. No delimiters or safety warnings are suggested for input data to prevent the LLM from following instructions embedded in the code.
- Capability inventory: Uses gemini CLI with --approval-mode yolo which auto-approves all internal tools, which may include file system modification or further command execution (found in SKILL.md).
- Sanitization: Absent. No sanitization or validation of processed codebases is performed before execution.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands including gemini, ps, pkill, and timeout to perform analysis and manage process lifecycles.
Audit Metadata