gemini
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill leverages the Homebrew package manager to install the 'gemini-cli' formula, which is a common utility for interacting with Google's Gemini API.
- [COMMAND_EXECUTION]: The skill executes the 'gemini' command-line binary to perform model queries and manage tool extensions.
- [PROMPT_INJECTION]: The skill passes user-provided prompts directly to the CLI tool, creating an indirect prompt injection surface where malicious instructions in input data could potentially influence agent behavior.
- Ingestion points: User input is passed as a positional argument to the 'gemini' command in SKILL.md.
- Boundary markers: Usage examples demonstrate wrapping prompt input in double quotes.
- Capability inventory: The skill executes the 'gemini' binary and provides access to its extension management system.
- Sanitization: No explicit input sanitization or filtering is performed by the skill itself before passing data to the CLI tool.
Audit Metadata