gemini-second-opinion
Fail
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The execution logic in SKILL.md is vulnerable to shell command injection. The $ARGUMENTS variable is interpolated directly into the Bash script within double quotes. If the execution environment performs string replacement for placeholders, an attacker can execute arbitrary shell commands by providing input containing command substitutions such as $(...) or backticks.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted data from the user or conversation context and passing it to an external LLM.
  - Ingestion points: The $ARGUMENTS variable and broader conversation context.
  - Boundary markers: Absent; untrusted content is not delimited or isolated from the instruction block.
  - Capability inventory: The skill utilizes Bash execution and network communication via the gemini CLI.
  - Sanitization: Absent; input is not validated or escaped before inclusion in the prompt string.
Recommendations
- AI detected serious security threats