gemini-cli-security
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [PROMPT_INJECTION]: Obfuscation using hex escapes was detected in the scripts/main.cjs file. Specifically, the string 'eval' is constructed using the escape sequence \x76 (e.g., e\x76al) within regular expression patterns. This technique is typically employed to evade static analysis security controls.
- [PROMPT_INJECTION]: The skill possesses a high-risk surface for indirect prompt injection. It is designed to read and analyze untrusted code from a user-specified target directory and return snippets of that code directly to the agent's context.
  - Ingestion points: The scripts/main.cjs script reads files from the directory provided via the target argument using fs.readFileSync.
  - Boundary markers: No delimiters or boundary markers are used in the generated Markdown report to separate untrusted code snippets from the report instructions.
  - Capability inventory: The skill is granted access to the Bash, WebFetch, Read, Write, Glob, and Grep tools.
  - Sanitization: There is no evidence of sanitization or escaping of the content read from files before it is included in the output report provided to the agent.
- [COMMAND_EXECUTION]: The skill provides the ability to execute shell commands using the Bash tool and runs its own primary logic via a Node.js script. While it aims to detect command injection in other code, the broad access to local files combined with shell capabilities creates a potential risk if filenames or paths are attacker-controlled.
- [EXTERNAL_DOWNLOADS]: The skill is configured to interact with the OSV.dev API (https://api.osv.dev/v1/querybatch) for dependency scanning. This is a well-known and trusted service for vulnerability data provided by Google.
Audit Metadata