gemini-cli-docs

Fail

Audited by Snyk on Jun 23, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 0.90). The prompt includes a hidden, out-of-band directive ("CRITICAL: grep references/ for keywords before answering") that instructs the agent to perform an action outside the documented Gemini CLI content, so it is a prompt injection.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The list mixes many legitimate vendor and Google-hosted docs with several potentially risky items—direct .exe/.zip/binary download links from GitHub releases, unknown or low-reputation GitHub user repos, personal/run.app and other custom hosting domains (and many localhost/internal endpoints) — all common malware distribution vectors—so the overall set should be treated as suspicious until each download/source is verified.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The docs show MCP servers are connected at runtime and can inject executable tools (for example the admin/required MCP server examples point to https://api.mcp-provider.com and https://mcp.corp/compliance / https://registry.corp/mcp), which are runtime external endpoints that the agent contacts to discover and execute tools—so these URLs represent high-confidence runtime dependencies that can control prompts/tool execution.

Issues (3)

E004
CRITICAL

Prompt injection detected in skill instructions.

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 23, 2026, 07:08 PM
Issues
3
Security Audit — snyk — gemini-cli-docs