gemini-config-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill uses directive language ("MANDATORY", "STOP") to enforce grounding in official documentation through the gemini-cli-docs skill. This is a defensive measure to ensure accuracy and does not attempt to bypass safety filters or extract system prompts.
- Data Exposure (SAFE): While the skill discusses sensitive configuration paths like ~/.gemini/settings.json and ~/.gemini/trustedFolders.json, it does so in an instructional context for user configuration. There are no patterns suggesting unauthorized access or hardcoded credentials.
- Command Execution (SAFE): The skill lists tools like Read and Grep but does not contain scripts that execute arbitrary shell commands or escalate privileges. References to shell execution are in the context of describing how the Gemini CLI handles 'Trusted Folders' security boundaries.
- Remote Code Execution (SAFE): No external downloads or remote script executions were detected. It relies on internal skill delegation.
- Indirect Prompt Injection (LOW): The skill has a data ingestion surface via Read, Glob, and Grep tools which could potentially process untrusted content within configuration files. However, the skill lacks write or network capabilities, and its instructions explicitly mandate basing responses on official documentation, which serves as a grounding boundary.
Audit Metadata