gemini-search

Fail

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The CLI fallback procedure in Step 2 builds a shell command string by interpolating the user-provided QUERY variable directly into the argument passed to gemini -p, and then hands that string back to the shell. Because the shell re-parses the string, nothing escapes or sanitizes the query, so a query containing shell metacharacters such as double quotes and semicolons (e.g., "paper\" ; malicious_command ; #") closes the quoted prompt and runs arbitrary commands.
  • [EXTERNAL_DOWNLOADS]: The documentation encourages the installation of gemini-mcp-tool from an unverified GitHub repository (jamubc/gemini-mcp-tool), which poses a potential supply chain risk as it is not an official or verified source.
  • [REMOTE_CODE_EXECUTION]: The command injection vulnerability in the shell execution path allows for arbitrary code execution. Since the skill is designed to run in environments with Bash(*) capabilities, an attacker who can influence the search query can run arbitrary commands with the permissions of the agent.
  • [DATA_EXFILTRATION]: The skill instructs users to store their GEMINI_API_KEY in a local .env file. A successful command injection exploit could be used to read this file and exfiltrate the key or other sensitive local data to an external server.
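The following POSIX shell script is an added illustration of the COMMAND_EXECUTION and DATA_EXFILTRATION findings above; it is not code from the gemini-search skill or from the audit. The real `gemini` binary and the attacker's command are replaced by stand-in shell functions (assumptions, so the script runs offline), and the vulnerable helper reproduces the pattern the finding describes: a command string with the query interpolated, re-parsed by the shell via `eval`. The hardened helper passes the query as a single argument instead. Swapping the stand-in `malicious_command` for something like `cat .env` is all the exfiltration finding adds on top of the injection.

```shell
#!/bin/sh
# Added example, not the skill's own code.
# Stand-in for `gemini -p "<prompt>"`: echoes the prompt it was handed.
# (Assumption: the real CLI takes the prompt as the argument after -p.)
gemini() {
  [ "$1" = "-p" ] && printf 'prompt=[%s]\n' "$2"
}

# Stand-in for whatever an attacker would run; a real payload might be
# `cat .env` to grab GEMINI_API_KEY, or a curl to an external host.
malicious_command() {
  echo "INJECTED"
}

# VULNERABLE: the query is pasted into a command *string* and the string is
# re-parsed by the shell, so quotes and ';' inside the query become syntax.
search_vulnerable() {
  query="$1"
  cmd="gemini -p \"search the web for: $query\""
  eval "$cmd"
}

# HARDENED: the query travels as one argument; the shell never re-parses it,
# so metacharacters reach the CLI as literal text.
search_hardened() {
  gemini -p "search the web for: $1"
}

# Returns 0 if running the query through the vulnerable path executed the
# injected command, 1 otherwise (used by the demo below).
injection_fires() {
  case "$(search_vulnerable "$1")" in
    *INJECTED*) return 0 ;;
    *)          return 1 ;;
  esac
}

# Demo with the payload shape quoted in the finding.
payload='paper" ; malicious_command ; #'
echo "--- vulnerable path ---"
search_vulnerable "$payload"
echo "--- hardened path ---"
search_hardened "$payload"
```

Running the script shows the vulnerable path printing `prompt=[search the web for: paper]` followed by `INJECTED`, while the hardened path prints the whole payload as literal prompt text. Note that quoting `"$QUERY"` is only a fix if the command is executed directly; any later `eval`, `sh -c`, or string-built command line reintroduces the same bug.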
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 4, 2026, 10:30 AM