security-audit
Warn
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains commands to download and install a remote extension from an unverified GitHub repository (https://github.com/gemini-cli-extensions/security) using the `gemini extensions install` command as seen in `references/gemini-analysis.md` and `references/tool-installer.md`.
- [EXTERNAL_DOWNLOADS]: The skill provides installation commands for several external security tools, including `gitleaks`, `trivy`, and the `@google/gemini-cli` via various package managers.
- [COMMAND_EXECUTION]: The skill makes extensive use of the `Bash` tool to run complex shell scripts for project detection, dependency auditing, and pattern-based secret scanning across the filesystem.
- [DATA_EXFILTRATION]: The skill is explicitly designed to search for and read highly sensitive information, including `.env` files, SSH keys, cloud credentials, and API tokens. It transmits this data to external AI services for analysis during the Gemini AI security check.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its processing of local project files.
  - Ingestion points: The skill reads source code, configuration files, and repository documentation to perform SAST and AI-powered scans (`references/sast.md`, `references/gemini-analysis.md`).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded directives are used when passing raw file content to the `gemini prompt "/security:analyze"` command.
  - Capability inventory: The skill possesses extensive capabilities including `Bash` for shell execution, `Write` for file modification, and `WebFetch` for network access.
  - Sanitization: Input from the repository files is not sanitized, escaped, or validated before being interpolated into prompts for AI analysis.
Audit Metadata