gemini-researcher
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the pbcopy command via the shell to copy generated text to the macOS clipboard. It correctly utilizes a quoted heredoc (<<'PROMPT') to prevent the shell from interpreting any special characters within the generated content, which is a security best practice for handling dynamic text in shell commands.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface because it interpolates untrusted user data into a prompt intended for another LLM (Gemini Deep Research).
  - Ingestion points: User-provided research requests enter the agent context in the instructions defined in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the generated prompt.
  - Capability inventory: The skill is capable of executing the pbcopy command via shell.
  - Sanitization: No sanitization or escaping of the user-provided research request is performed before interpolation. While this creates a path for indirect injection into the secondary LLM session, the skill itself possesses no sensitive permissions or network capabilities that could be compromised.
Audit Metadata