research
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill utilizes the `gemini` bash command with a dynamically generated search prompt: `gemini -m gemini-2.5-flash -p "...your search prompt..."`. There is no evidence of sanitization for shell metacharacters (e.g., `;`, `&`, `|`), which could lead to arbitrary command execution if an attacker-controlled input influences the search prompt.
- PROMPT_INJECTION (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its data processing pipeline.
  - Ingestion points: External content from `WebSearch`, `docs-seeker` (GitHub), and the output of the `gemini` research command.
  - Boundary markers: Absent. There are no specified delimiters or instructions for the agent to ignore instructions embedded within the research data.
  - Capability inventory: File system write access (`./plans/` directory) and bash command execution (`gemini`).
  - Sanitization: Absent. External data is analyzed and synthesized into a markdown report without explicit escaping or validation steps.
Audit Metadata