magi-ex
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
geminiCLI tool via a bash command using the--yoloflag. This flag is documented to auto-approve all tool calls requested by the Gemini model, bypassing user confirmation. This is high-risk as the model could be instructed to run arbitrary system commands if compromised by prompt injection. - [PROMPT_INJECTION]: User-provided arguments ($ARGUMENTS) are directly included in prompts sent to the Scientist, Mother, and Woman sub-agents. This creates a significant surface for prompt injection attacks, allowing a malicious user to override instructions or safety constraints.
- [REMOTE_CODE_EXECUTION]: The combination of user-controlled input and the
--yoloflag for tool call auto-approval effectively creates a path for remote code execution. An attacker could use prompt injection to induce the Gemini model to execute harmful tools or code on the local machine. - [DATA_EXFILTRATION]: The sub-agents are encouraged to read project files and have access to web search tools. A prompt injection could be used to read sensitive local data, such as environment variables or credentials, and then transmit that data externally via web search queries or command-line output.
Recommendations
- AI detected serious security threats
Audit Metadata