gemini-search

SUSPICIOUS: the core purpose is coherent, and the official Google Gemini CLI is a legitimate dependency, but the skill unnecessarily expands trust by requiring an unofficial third-party MCP bridge and broad Bash access. This creates medium supply-chain and credential-forwarding risk without evidence of confirmed malware.