investigate
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill reads local source code and passes it directly into AI prompts. It lacks boundary markers or sanitization, which could allow malicious code comments to influence the agent's logic.
  - Ingestion points: Local source code files via `cat` and search results via `rg`.
  - Boundary markers: None identified.
  - Capability inventory: Shell command execution (ripgrep, git, cat) and network access via the Gemini CLI.
  - Sanitization: None provided.
- Data Exfiltration (LOW): The skill transmits local source code to an external AI service. While this is the intended functionality, it constitutes an exposure risk for sensitive intellectual property.
- External Downloads (LOW): Recommends installing `ripgrep` via Homebrew and `google-generativeai` via pip. These are considered trusted sources per [TRUST-SCOPE-RULE].
- Unverifiable Dependencies (MEDIUM): The skill uses a `gemini` command-line tool that is not a standard component of the recommended `google-generativeai` Python library, indicating a dependency on an unverified or custom execution environment.
Audit Metadata