gemini-cli-security
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [OBFUSCATION]: The execution script `scripts/main.cjs` utilizes hex escapes to encode the string 'eval' as 'e\x76al' within its vulnerability detection regexes.
  - Evidence: Multiple patterns in `scripts/main.cjs` such as `pattern: /e\\x76al\\s*\\([^)]*(?:req|user|input|param)/gi` use this encoding method.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted code from local directories and outputs snippets in its report, creating a surface for indirect prompt injection.
  - Ingestion points: Files are read from the target directory using `fs.readFileSync` in `scripts/main.cjs`.
  - Boundary markers: No delimiters or 'ignore' instructions are used when presenting extracted code snippets to the agent.
  - Capability inventory: The skill employs the `Bash`, `Read`, `Write`, and `WebFetch` tools.
  - Sanitization: Extracted snippets are included in the output without validation, escaping, or filtering for malicious instructions.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill makes network requests to the well-known OSV.dev service to retrieve dependency vulnerability data.
  - Evidence: Uses `WebFetch` to query `https://api.osv.dev/v1/querybatch` as documented in `SKILL.md` and `scripts/main.cjs`.
Audit Metadata