skills/nowork-studio/notfair/gemini/Gen Agent Trust Hub

gemini

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes git diff and git rev-parse to aggregate technical context and branch metadata from the local repository.
  • [COMMAND_EXECUTION]: Invokes the gemini command-line utility to perform analysis based on prompts containing the gathered context and user inquiries.
  • [EXTERNAL_DOWNLOADS]: Recommends the installation of the @google/gemini-cli package via npm, which is a resource from a well-known organization.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the local file system (via git diff) and user questions, interpolating them into analysis prompts for Gemini. This creates a surface for indirect prompt injection where malicious codebase content could attempt to influence the reviewer's results. Ingestion point: SKILL.md (Step 3). Boundary markers: Absent. Capability inventory: gemini command execution in SKILL.md. Sanitization: Absent.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 13, 2026, 03:22 AM