gemini

Warn

Audited by Socket on Apr 10, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: The skill’s capabilities mostly match its stated Gemini-assistant purpose, but it introduces a non-official wrapper layer (x-cmd) for API key handling and request routing. The same-org installer evidence lowers concern from malicious to medium risk, yet the combination of download-execute install patterns, credential forwarding to wrapper tooling, and broad file/git-diff upload capability makes the trust footprint larger than a minimal Gemini integration.

Confidence: 82%
Severity: 58%

Audit Metadata
Analyzed At: Apr 10, 2026, 05:42 AM
Package URL: pkg:socket/skills-sh/x-cmd%2Fskill%2Fgemini%2F@7ac90d763070fa5c04191ea43cf65c0df2383dab