gemini-search

Fail

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The documentation instructs users to install @anthropic-ai/gemini-cli. This is a critical security red flag as Gemini is a Google product, not an Anthropic one. This discrepancy is a strong indicator of a dependency confusion or typosquatting attack targeting users who expect official tools.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill is installed from an untrusted personal GitHub repository (rajivmehtaflex/gemini-search-skill) rather than a verified organization.
  • [COMMAND_EXECUTION] (LOW): The skill executes a shell script (scripts/search.sh) that triggers the gemini CLI. While the script uses double-quotes to prevent basic shell breakout, it remains a surface for executing system-level commands based on model output.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
      • Ingestion points: User-provided search queries are passed directly into the execution command in SKILL.md and search.sh.
      • Boundary markers: Absent. There are no delimiters or instructions to help the agent distinguish between a search query and embedded malicious instructions.
      • Capability inventory: The skill possesses the capability to execute shell commands and access the network via the gemini CLI.
      • Sanitization: None detected. The raw query string is interpolated directly into the command line.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 21, 2026, 04:07 PM