gemini-consultation

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The documentation promotes the use of npx -y superconductor-gemini-skills. This command downloads and executes code from an unverified NPM package at runtime. Since the package is not from a trusted organization, this represents an arbitrary code execution risk on the user's system.
  • [PROMPT_INJECTION] (HIGH): The skill's external file processing exposes it to indirect prompt injection.
      • Ingestion points: Untrusted PDF and image files provided via the --file argument.
      • Boundary markers: Absent. There are no delimiters or instructions to treat file content as untrusted data.
      • Capability inventory: The skill possesses network access (sending data to Google Gemini) and its output influences the agent's context.
      • Sanitization: Absent. Content is passed directly to the model.
  • [COMMAND_EXECUTION] (MEDIUM): The skill executes shell scripts and npx commands. If the input "YOUR QUESTION" or the --file path is not strictly sanitized by the underlying script, it could allow for local command injection.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:43 AM