invoking-antigravity

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the CLI installation script from https://antigravity.google/cli/install.sh. This source is an official domain belonging to Google.
  • [REMOTE_CODE_EXECUTION]: The installation instructions include piping a remote script to bash. This pattern is used to install the agy binary and is safe in this context as it originates from a trusted provider.
  • [COMMAND_EXECUTION]: The scripts/agy_auth_broker.py script utilizes pty.fork() and os.execv() to execute the CLI tool within a pseudo-terminal. This is a legitimate technique to automate the interactive OAuth process required for the tool to function in non-interactive agent environments.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 06:02 AM
Security Audit — agent-trust-hub — invoking-antigravity