gemini
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill executes a local Python script to interface with the Gemini CLI. This is the primary intended function and is performed using standard execution methods like `uv run` or `python3`.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection (Category 8) because it encourages passing untrusted data (e.g., file contents) directly into the prompt. Ingestion points: The `prompt` argument in the usage examples (e.g., `$(cat app.py)`). Boundary markers: No delimiters or instructions to ignore embedded commands are specified. Capability inventory: The script facilitates execution of local commands and communication with external AI services. Sanitization: No input sanitization or validation is mentioned in the skill definition.
Audit Metadata