gemini-cli

SUSPICIOUS. The skill is largely purpose-aligned and uses an official Google CLI from a legitimate source, so it is not malware. However, it normalizes automatic third-party consultation, including piping local code, logs, and possibly whole repositories to Gemini, which is broader data sharing than many users may expect and should require explicit consent in sensitive contexts.