gemini
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill specifies the installation of the
gemini-clitool using Homebrew, which is linked to the official Google AI developer documentation.\n- [COMMAND_EXECUTION]: The skill facilitates the execution of thegeminibinary to handle one-shot queries and manage extension commands.\n- [PROMPT_INJECTION]: The skill accepts untrusted user input as a direct argument for the Gemini CLI, creating a surface for indirect prompt injection.\n - Ingestion points: Positional prompt argument in the CLI execution path.\n
- Boundary markers: The example commands use double quotes, but the skill does not implement robust delimiters or instructions to ignore embedded prompts.\n
- Capability inventory: Subprocess execution of the
geminicommand-line utility.\n - Sanitization: Input is passed to the command line without apparent escaping or validation.
Audit Metadata