gemini-cli-runtime

SUSPICIOUS: the skill is internally coherent as a thin Gemini forwarder, but it delegates nearly all work to an opaque local runtime and defaults to write-capable execution. No direct credential theft or explicit exfiltration is shown, yet the combination of blind delegation, raw stdout passthrough, and default write access creates medium security risk.