gemini-analyze
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the Bash tool to perform file validation and analysis. Specifically, it uses
catto read the content of the target file andjqto parse JSON metadata from the result of the Gemini CLI execution. These operations are performed on user-specified file paths provided via the first argument ($1). - [EXTERNAL_DOWNLOADS]: The skill documentation instructs the user to install the
@google/gemini-clipackage via npm or Homebrew. This is a reference to an official tool from a well-known service provider used for its intended purpose. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from local files through the
cat "$1"command inSKILL.md. This data is piped directly into thegeminiCLI prompt without any boundary markers or sanitization to distinguish between the instructions and the code being analyzed. While the skill's capabilities are focused on generating a report for the user, an attacker could embed malicious instructions in a file that trick the agent into providing biased, incorrect, or deceptive analysis. Ingestion points:cat "$1"inSKILL.md. Boundary markers: None. Capability inventory:ReadandBashtools inSKILL.md. Sanitization: None.
Audit Metadata