research
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE; flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the gemini command-line tool via bash to perform searches. This tool is recognized as part of a trusted ecosystem (Google Gemini), though the dynamic construction of search queries requires the agent to be cautious of shell injection patterns.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it systematically gathers and processes information from external, untrusted sources such as web searches and GitHub repositories.
  - Ingestion points: Data is collected from arbitrary web pages and GitHub README files via the WebSearch tool and docs-seeker skill.
  - Boundary markers: The instructions do not define specific delimiters or instructions to ignore embedded commands for the ingested content.
  - Capability inventory: The agent has the capability to execute shell commands (gemini) and write files to the local file system (./plans/ directory).
  - Sanitization: There is no explicit requirement to sanitize or escape retrieved content before processing or reporting.
Audit Metadata