gemini
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill passes arbitrary user-provided prompts directly to an external CLI tool, creating an attack surface where instructions embedded in data could influence the agent's behavior.
  - Ingestion points: Prompt content is received via `sys.argv[1]` in `scripts/gemini.py`.
  - Boundary markers: Absent; no delimiters are used to separate user instructions from input data.
  - Capability inventory: The script executes the `gemini` CLI command via `subprocess.Popen` in `scripts/gemini.py`.
  - Sanitization: Absent; the prompt string is passed to the CLI without escaping or validation.
- [Command Execution] (SAFE): The script executes an external binary `gemini` using `subprocess.Popen` with a list of arguments, which effectively prevents shell injection even when processing arbitrary prompt strings.
Audit Metadata