gemini-cli-agent

Pass

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill mentions the installation of @google/gemini-cli via npm. This package is maintained by Google, which is a recognized trusted organization.
  • [COMMAND_EXECUTION]: The skill executes the gemini command using the Bash tool to process information. This execution is the core functionality and is used to pipe data for external analysis.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes external files for tasks like security audits and QA scans.
      ◦ Ingestion points: Untrusted data enters the context through files passed as input to the CLI via shell redirection.
      ◦ Boundary markers: The skill includes explicit instructions for the model to 'Do NOT use tools' and 'Do NOT search filesystem', creating a restricted sub-agent context.
      ◦ Capability inventory: The agent has access to Bash, Read, and Write tools.
      ◦ Sanitization: There is no evidence of automated sanitization or filtering of the input content before it is processed by the CLI.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 6, 2026, 03:24 AM