gemini

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the official Google Generative AI CLI package from the public npm registry.
  • [DATA_EXFILTRATION]: Facilitates the transfer of local file content (including system logs and personal documents) to Google's Gemini API for analysis and summarization, which is the primary intended use case for this tool.
  • [COMMAND_EXECUTION]: Includes commands to configure environment variables by modifying the shell configuration file (~/.zshrc) to persist API keys.
  • [PROMPT_INJECTION]: Demonstrates processing of untrusted local file content through the LLM. While this presents an indirect prompt injection surface, it is an inherent characteristic of the tool's file-analysis capabilities.
    • Ingestion points: Processes data from stdin, shell redirections, and standard file reads in SKILL.md.
    • Boundary markers: Absent in the usage examples.
    • Capability inventory: CLI tool executes network requests to Google API.
    • Sanitization: None performed on the file content before transmission.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 05:28 PM