Skills
skills/ben2pc/g-claude-code-plugins/gemini-agent/Gen Agent Trust Hub

gemini-agent

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses shell commands to interact with the gemini CLI, including management tasks like gemini update and gemini extensions install. It specifically instructs the use of --approval-mode yolo and auto_edit, which allow the agent to perform write operations and command execution without human intervention.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it is designed to ingest arbitrary external content (e.g., logs, source code) and pipe it into a sub-agent's prompt context via stdin.
  • Ingestion points: Found in SKILL.md through patterns involving piping data to the CLI (e.g., cat logs.txt | gemini -p).
  • Boundary markers: Although the reference templates in references/*.md use XML-like wrappers (e.g., <task>, <scope_guardrails>), these delimiters do not provide strong protection against instructions embedded within the untrusted input data.
  • Capability inventory: The gemini tool possesses broad capabilities including file modification and shell command execution.
  • Sanitization: There is no evidence of input validation or sanitization for the data processed through the pipeline.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 03:34 AM