ask-gemini

Warn

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local system commands using the omx and gemini binaries with user-provided arguments.
  • [COMMAND_EXECUTION]: The {{ARGUMENTS}} placeholder is interpolated directly into shell command strings (e.g., gemini -p "{{ARGUMENTS}}"). This lack of sanitization or escaping allows for command injection, where shell metacharacters such as ;, &&, or | could be used to execute arbitrary local commands.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data ingestion surface.
      • Ingestion points: Untrusted data enters the context via the {{ARGUMENTS}} placeholder in SKILL.md.
      • Boundary markers: None are present to delimit user input or instruct the agent to ignore embedded instructions.
      • Capability inventory: The skill has subprocess execution capabilities (omx and gemini CLI calls).
      • Sanitization: No escaping or validation is performed on the external content before it is passed to the shell.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 4, 2026, 05:24 AM