Skills
skills/hiroro-work/claude-plugins/ask-gemini/Gen Agent Trust Hub

ask-gemini

Warn

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for interacting with a local gemini CLI and highlights the -y and --yolo flags. These flags allow the tool to automatically execute shell commands or tool calls generated by the AI without human-in-the-loop verification, which bypasses a critical security boundary for local command execution.\n- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection because it is designed to process untrusted external data (such as code for review or refactoring) and pass it to an LLM-powered CLI with execution capabilities.\n
  • Ingestion points: Prompts and local project files passed as positional arguments to the gemini command in the provided examples.\n
  • Boundary markers: None. There are no instructions or delimiters defined to prevent the underlying model from following malicious instructions embedded within the files being processed.\n
  • Capability inventory: The gemini CLI can execute shell commands, a capability exposed to the agent through the Bash tool permissions defined in the YAML frontmatter.\n
  • Sanitization: The skill does not implement or describe any validation or sanitization of the CLI's output before execution.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 26, 2026, 11:36 PM
Security Audit — agent-trust-hub — ask-gemini