skills/vinta/hal-9000/gemini/Gen Agent Trust Hub

gemini

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
  • Data Exposure (HIGH): The skill explicitly instructs and provides examples for copying sensitive files (e.g., ~/.bashrc) into the project workspace. This exposes sensitive user configuration and potential credentials to any tool or agent operating within the workspace.
  • Indirect Prompt Injection (LOW): The skill ingests untrusted data from the workspace and external commands (e.g., git diff) and pipes it directly into the Gemini model. Evidence Chain:
      1. Ingestion points: Workspace files and git command output in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: Bash(gemini:*), Bash(cp:*), Bash(rm:*), Bash(mkdir:*).
      4. Sanitization: Absent.
  • Command Execution (MEDIUM): The skill enables powerful file manipulation tools (cp, rm) and the gemini CLI, which are used to handle sensitive data in ways that increase the overall attack surface.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:13 PM