gemini
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill requires installing `google-generativeai` via pip. This is a trusted source (Google/Google-Gemini), downgrading the download risk per safety protocols.
- [COMMAND_EXECUTION] (LOW): The skill uses shell commands to interact with the `gemini` CLI. This is the intended operational mode for this skill.
- [PROMPT_INJECTION] (MEDIUM): The skill exhibits a significant Indirect Prompt Injection surface (Category 8).
  - Ingestion points: Processes local files (via `cat`) and web search results.
  - Boundary markers: Absent. Content is interpolated directly into prompts (e.g., `cat document.txt | gemini ... "Summarize this"`).
  - Capability inventory: Sends data to an external API and outputs results to the agent.
  - Sanitization: None detected. An attacker could embed malicious instructions in a file being analyzed to hijack the agent's behavior or exfiltrate data from the conversation context to the LLM output.
- [DATA_EXFILTRATION] (INFO): By design, this skill transmits local file content and user prompts to Google's cloud infrastructure. Users should ensure they do not pipe sensitive or PII-containing files into the tool.