gemini-analyzer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- Command Execution (HIGH): The skill instructs the agent to format and execute shell commands by interpolating user-provided text into the Gemini CLI prompt argument (`-p`). This creates a significant risk of shell command injection if the user input contains metacharacters such as semicolons, pipes, or backticks.
- External Downloads (SAFE): The skill utilizes the `gemini-cli` tool. According to the [TRUST-SCOPE-RULE], the `google-gemini` organization is a trusted source, so the dependency itself is considered safe.
- Indirect Prompt Injection (LOW): The skill ingests untrusted data from the local codebase which could contain malicious instructions.
  - Ingestion points: The `--all-files` flag causes the tool to read the entire codebase into the context.
  - Boundary markers: There are no markers or warnings to prevent the agent from following instructions embedded in the codebase.
  - Capability inventory: The skill can execute shell commands and read file contents.
  - Sanitization: The skill does not perform any sanitization or escaping of the codebase content or the user's request parameters.
Recommendations
- AI detected serious security threats
Audit Metadata