gemini
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill specifies the installation of the gemini-cli tool using the Homebrew package manager. This is a standard and reputable method for installing command-line utilities.
- [COMMAND_EXECUTION]: The skill interacts with the operating system by executing the gemini command. These executions are restricted to legitimate model interactions and management of official extensions.
- [PROMPT_INJECTION]: The skill takes user-provided strings and passes them as arguments to the gemini command. While this defines an indirect prompt injection surface, it is consistent with the tool's core functionality. Evidence: (1) Ingestion point: Positional prompt argument in the gemini command; (2) Boundary markers: Not utilized; (3) Capability inventory: Execution of the gemini CLI tool; (4) Sanitization: No explicit input sanitization is defined within the skill instructions.
Audit Metadata