gemini-extension-development
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOW
Full Analysis
- [Prompt Injection] (SAFE): No patterns detected that attempt to override AI instructions or bypass safety filters.
- [Data Exposure & Exfiltration] (SAFE): No sensitive file paths, hardcoded credentials, or network operations found. The skill only uses read-only tools like Read, Glob, and Grep.
- [Obfuscation] (SAFE): No encoded strings, homoglyphs, or hidden characters detected.
- [Unverifiable Dependencies & RCE] (SAFE): Mentions legitimate Google SDKs (google-genai) and standard CLI commands. No remote execution or untrusted package installation patterns present.
- [Indirect Prompt Injection] (SAFE): The skill does not process untrusted external data; it provides static documentation and delegates queries to another skill (gemini-cli-docs).
- [Persistence Mechanisms] (SAFE): No attempts to modify system configurations, shell profiles, or startup tasks identified.
Audit Metadata