Skills
skills/takuan-osho/ccmarketplace/gemini-search/Gen Agent Trust Hub

gemini-search

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to perform web searches by executing the gemini CLI tool through the system's Bash environment.\n
  • Evidence: Usage example gemini --prompt "WebSearch: <query>" in SKILL.md.\n
  • Context: The gemini CLI is an official utility for Google's Gemini models.\n- [COMMAND_EXECUTION]: An indirect command injection surface is present where user-controlled strings are interpolated into shell commands.\n
  • Ingestion points: The <query> placeholder in SKILL.md is populated with arbitrary text from user search requests.\n
  • Boundary markers: The query is enclosed in double quotes in the bash command, providing minimal protection against shell metacharacters.\n
  • Capability inventory: The skill relies on the Bash tool for its primary functionality, providing an execution path for potential injection.\n
  • Sanitization: There are no instructions to sanitize, validate, or escape the <query> content before it is processed by the shell.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 10:18 AM