gemini-cli-runtime

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines a command template that executes a local script using the Node.js runtime: node "${CLAUDE_PLUGIN_ROOT}/scripts/gemini-companion.mjs" task "<raw arguments>". This script is an internal component of the plugin's infrastructure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection and shell command injection because it processes untrusted user data without explicit sanitization or escaping instructions.
    • Ingestion points: Untrusted data enters the agent's context through the <raw arguments> placeholder in the task command template, as specified in SKILL.md.
    • Boundary markers: While the template uses double quotes to wrap the arguments, it does not provide instructions for the agent to escape shell-sensitive characters (e.g., semicolons, backticks, or nested quotes) that could be used to break out of the command string.
    • Capability inventory: The skill facilitates subprocess execution via the node CLI.
    • Sanitization: The instructions do not specify any sanitization, filtering, or validation logic for the user-supplied task text before it is interpolated into the executable shell string.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 24, 2026, 08:11 AM