dev-scan
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes the 'gemini' CLI tool with user-provided topic interpolation in a bash-like block. While 'gemini' is a standard tool, the lack of explicit sanitization or quoting for the {TOPIC} variable within the command string represents a minor risk if the execution environment does not handle shell meta-characters securely.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it retrieves and processes untrusted data from community forums. 1. Ingestion points: Content from Reddit, Hacker News, Dev.to, and Lobsters (via WebSearch and gemini CLI). 2. Boundary markers: Absent; the instructions do not include delimiters or warnings for the agent to ignore instructions embedded within the retrieved forum posts. 3. Capability inventory: Uses gemini CLI for retrieval and performs text synthesis. 4. Sanitization: Absent; there is no evidence of filtering or escaping external content before it is processed by the model.
Audit Metadata