gemini-analyze

Pass

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the Bash tool to perform file validation and analysis. Specifically, it uses cat to read the content of the target file and jq to parse JSON metadata from the result of the Gemini CLI execution. These operations are performed on user-specified file paths provided via the first argument ($1).
  • [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install the @google/gemini-cli package via npm or Homebrew. This is a reference to an official tool from a well-known service provider used for its intended purpose.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from local files through the cat "$1" command in SKILL.md. This data is piped directly into the gemini CLI prompt without any boundary markers or sanitization to distinguish between the instructions and the code being analyzed. While the skill's capabilities are focused on generating a report for the user, an attacker could embed malicious instructions in a file that trick the agent into providing biased, incorrect, or deceptive analysis. Ingestion points: cat "$1" in SKILL.md. Boundary markers: None. Capability inventory: Read and Bash tools in SKILL.md. Sanitization: None.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 28, 2026, 05:24 AM
Security Audit — agent-trust-hub — gemini-analyze