gemini-cli-execution

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill documentation encourages the use of the --yolo (or -y) flag, described as 'Auto-approve all tool calls'. This configuration removes security boundaries by allowing the AI to execute arbitrary shell commands via the CLI without requiring human confirmation, which can be exploited to run malicious code.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill provides usage patterns for executing package managers (npm install) via the CLI. In conjunction with the auto-approval (--yolo) flag, this creates a high-risk path for the silent installation of malicious dependencies or remote scripts.
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection vulnerability surface detected. Untrusted external data is piped directly into the CLI tool without sanitization or boundary markers.
      • Ingestion points: cat logs.txt | gemini, cat src/*.ts | gemini (SKILL.md).
      • Boundary markers: Absent; file content is concatenated directly with the prompt.
      • Capability inventory: Bash tool, tool execution via the gemini command (SKILL.md).
      • Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:32 PM