ogt-cli-gemini
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill installs the `@google/gemini-cli` package via npm and `gemini-cli` via Homebrew. These are associated with a trusted organization (Google) according to the [TRUST-SCOPE-RULE], though users should still verify the package's integrity at install time.
- [COMMAND_EXECUTION] (MEDIUM): The skill provides a wrapper for a CLI tool that has built-in capabilities to execute terminal commands. Specifically, the documentation mentions the `--yolo` flag, which auto-approves tool calls. If the agent processes malicious instructions from an external source (indirect injection), it could execute arbitrary commands without user intervention.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The combination of 'Web Fetching', 'Google Search grounding', and 'Shell Commands' allows the agent to retrieve remote data and potentially execute it as code. This path is explicitly supported by the CLI's configuration.
- [UNVERIFIABLE_CODE] (MEDIUM): The skill references a script located at `{baseDir}/scripts/run-gemini-task.cjs` for sub-agent delegation. This file was not provided in the skill package for security auditing, making its actual behavior unverifiable.
- [INDIRECT_PROMPT_INJECTION] (LOW):
  - Ingestion points: The tool reads local files, project directories, and `GEMINI.md` for context.
  - Boundary markers: No specific delimiters or safety warnings for the LLM are provided in the skill instructions.
  - Capability inventory: Includes file-write, shell command execution, and network access.
  - Sanitization: There is no evidence of input sanitization before passing project file content to the Gemini model.