gemini
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/gemini.pyexecutes an external command namedgeminiusingsubprocess.Popen. By passing arguments as a list rather than a shell string, the skill effectively mitigates the risk of shell injection through the prompt or model parameters. The script also includes a feature to change the working directory usingos.chdir, which is handled safely through standard Python library functions. - [PROMPT_INJECTION]: The skill is a bridge to an external AI model, which creates a surface for indirect prompt injection if the data being analyzed contains malicious instructions.
- Ingestion points: Data enters the system via
sys.argv[1](prompt) andsys.argv[2](working directory) in thescripts/gemini.pyfile. - Boundary markers: The script does not implement delimiters or specific 'ignore instructions' markers when passing the user prompt to the Gemini CLI.
- Capability inventory: The skill has the capability to execute the
geminibinary and navigate the local filesystem via directory changes. - Sanitization: No input sanitization or escaping is performed on the prompt or the directory path before they are processed by the script.
Audit Metadata