Skills
skills/yeachan-heo/oh-my-claudecode/ask-gemini/Gen Agent Trust Hub

ask-gemini

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the omc ask gemini command and a shell script ask-gemini.sh using user-provided input from the {{ARGUMENTS}} placeholder.
  • [COMMAND_EXECUTION]: The skill exhibits an Indirect Prompt Injection surface: 1. Ingestion points: Untrusted user input enters through the {{ARGUMENTS}} parameter. 2. Boundary markers: The arguments are wrapped in double quotes in the shell command, which provides basic shell protection but does not prevent command substitution (e.g., $(cmd)). 3. Capability inventory: The skill can execute local subprocesses and shell scripts. 4. Sanitization: No sanitization or validation of the user input is performed before it is passed to the execution environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 10:58 AM