gemini-analyzer
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The wrapper explicitly requires returning the raw, unfiltered Gemini CLI output verbatim. That output could include API keys, tokens, or passwords discovered in the codebase, so the LLM would end up emitting secrets directly.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This skill instructs scanning "all files" and returning the raw, unfiltered CLI output, which may include sensitive files such as environment variables or credentials, to an external Gemini process. Although it contains no explicit backdoor code, it therefore poses a high risk of unintended data exfiltration.
Audit Metadata