Gemini CLI
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation instructs the installation of the official
@google/gemini-clipackage from NPM, a well-known registry from a trusted organization. - [COMMAND_EXECUTION]: Included bash scripts (
setup-slash-command.sh,test-connection.sh) use standard commands to manage local configuration files and verify tool availability without escalating privileges. - [DATA_EXFILTRATION]: Local code content and logs are transmitted to Google's Gemini service for analysis. This is the primary intended function and utilizes an authenticated, official vendor CLI.
- [PROMPT_INJECTION]: The skill faces indirect injection risks. 1. Ingestion points: local code files, diffs, and log files. 2. Boundary markers: AI-to-AI prompting headers are utilized. 3. Capability inventory: subprocess execution of the gemini CLI tool. 4. Sanitization: contents are piped directly without pre-processing filters.
Audit Metadata