gemini
Pass
Audited by Gen Agent Trust Hub on Apr 17, 2026
Risk Level: SAFE
[COMMAND_EXECUTION] [PROMPT_INJECTION]
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bundled shell script (scripts/run-cursor.sh) which subsequently invokes the Cursor CLI tool to perform autonomous tasks. Evidence is found in the execution logic in SKILL.md and the command array construction in the shell script.
- [PROMPT_INJECTION]: The skill implements a transparent proxy pattern for user input to an agentic CLI tool, constituting a surface for indirect prompt injection.
  - Ingestion points: raw user input is captured via the /gemini command and piped to the execution script.
  - Boundary markers: no delimiters or isolation instructions are used to encapsulate the user prompt from the agent's operation.
  - Capability inventory: the use of --force and --trust flags grants the Cursor agent high-privilege access to the local file system and environment without further user confirmation.
  - Sanitization: the input string is not validated, filtered, or escaped before being processed by the underlying autonomous agent.
Audit Metadata