anti-gravity
Fail
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill encourages the execution of the
agycommand-line interface with various parameters, representing a significant command execution surface. - [COMMAND_EXECUTION]: Documentation includes and recommends the use of the
--dangerously-skip-permissionsflag, which explicitly instructs the agent to auto-approve tool permission requests, bypassing critical human-in-the-loop security controls. - [DATA_EXPOSURE]: The skill hardcodes specific local file paths (e.g.,
C:/Users/johno/.gemini/antigravity-cli/...), which discloses the username 'johno' and details of the local file system structure to the agent and potentially external logs. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it takes user-provided text and interpolates it directly into CLI commands (e.g.,
agy -p "prompt"). While it provides instructions for strict prompting, it lacks formal boundary markers or sanitization logic for the interpolated content. - [COMMAND_EXECUTION]: The skill provides patterns for shell-level manipulation such as reading from log files (
grep -oE ...) and reading sensitive JSONL transcripts from local system paths.
Recommendations
- AI detected serious security threats
Audit Metadata