gemini-json-parsing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (LOW): The skill contains a mandatory instruction block using directive language ('STOP', 'INVOKE', 'EXCLUSIVELY') to constrain agent behavior to specific documentation sources. While intended for accuracy, this serves as a prompt override.\n- [COMMAND_EXECUTION] (SAFE): Provides standard templates for processing structured data with Bash and jq. The commands are task-appropriate and do not contain malicious patterns or privilege escalation attempts.\n- [INDIRECT_PROMPT_INJECTION] (LOW): The skill creates a data ingestion surface for external tool output. (1) Ingestion point: output from the
geminiCLI tool; (2) Boundary markers: absent in the provided processing scripts; (3) Capability inventory: involves Bash tool execution and file reading; (4) Sanitization: no escaping or sanitization of the CLI response content is specified before it is returned to the agent context.
Audit Metadata