gemini-cli
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill orchestrates the 'gemini' CLI using the Bash tool. It specifically promotes the '--yolo' or '-y' flags to auto-approve all tool calls made by the Gemini model, which can include file modifications and system commands.
- PROMPT_INJECTION (MEDIUM): In 'SKILL.md' and 'patterns.md', the instructions advise using 'forceful language' such as 'Do this without asking for confirmation' and 'Apply now' to bypass Gemini's safety/planning prompts. This is a deliberate attempt to override the secondary AI's interaction guardrails.
- EXTERNAL_DOWNLOADS (LOW): The README recommends installing '@google/gemini-cli' via npm. Under [TRUST-SCOPE-RULE], this is classified as LOW because 'google' is a trusted organization, but it still involves installing external executable code.
- DATA_EXFILTRATION (LOW): The skill enables Gemini's 'google_web_search' and 'web_fetch' tools. These tools transmit data (queries and URLs) to external services. While part of the intended functionality, it constitutes a data exposure vector.
- INDIRECT_PROMPT_INJECTION (LOW): The skill possesses a significant injection surface by ingesting data from web searches and large-scale codebase analysis ('codebase_investigator'). Malicious instructions embedded in external web content or project files could potentially influence the agent's actions, particularly when 'YOLO' mode is enabled.
Audit Metadata