anti-gravity

Fail

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill encourages the execution of the agy command-line interface with various parameters, representing a significant command execution surface.
  • [COMMAND_EXECUTION]: Documentation includes and recommends the use of the --dangerously-skip-permissions flag, which explicitly instructs the agent to auto-approve tool permission requests, bypassing critical human-in-the-loop security controls.
  • [DATA_EXPOSURE]: The skill hardcodes specific local file paths (e.g., C:/Users/johno/.gemini/antigravity-cli/...), which discloses the username 'johno' and details of the local file system structure to the agent and potentially external logs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it takes user-provided text and interpolates it directly into CLI commands (e.g., agy -p "prompt"). While it provides instructions for strict prompting, it lacks formal boundary markers or sanitization logic for the interpolated content.
  • [COMMAND_EXECUTION]: The skill provides patterns for shell-level manipulation such as reading from log files (grep -oE ...) and reading sensitive JSONL transcripts from local system paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 16, 2026, 04:53 PM
Security Audit — agent-trust-hub — anti-gravity