Gemini CLI
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of the @google/gemini-cli npm package.
  - Evidence: npm install -g @google/gemini-cli in README.md.
  - Source Status: The @google scope is a trusted organization; the finding is downgraded per [TRUST-SCOPE-RULE].
- PROMPT_INJECTION (LOW): The skill facilitates the ingestion of untrusted local data (source code) into an LLM context, which constitutes an indirect prompt injection surface.
  - Ingestion points: README examples demonstrate piping file content (e.g., cat src/auth.ts | gemini) and project-wide scanning using the --all-files flag.
  - Boundary markers: Delimiters are absent from the documented usage patterns and CLI command templates.
  - Capability inventory: The gemini CLI tool performs network operations to Google APIs and reads local filesystem content.
  - Sanitization: No sanitization or escaping of the ingested code files is performed before processing.
Audit Metadata