gemini-peer-review
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script `gemini-review.py` and utilizes `python3 -c` for parsing API responses. These commands are transparently defined and serve legitimate functional purposes.
- [EXTERNAL_DOWNLOADS]: Interacts with the well-known Google Gemini API at `generativelanguage.googleapis.com`. These connections are necessary for the skill's primary function.
- [DATA_EXFILTRATION]: Transmits user-selected code content to Google's API to facilitate analysis. This data flow is central to the skill's utility and is performed over secure channels to a trusted vendor.
- [SAFE]: Exhaustive analysis of the skill's logic, scripts, and documentation revealed no evidence of obfuscation, persistence mechanisms, or unauthorized privilege escalation.
Audit Metadata