content-goldmine-gemini
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `bootstrap.sh` script automates the installation of `python3` and `gemini-cli` if they are not detected. These components are retrieved from trusted repositories, including Homebrew, npm (`@google/gemini-cli`), and official system package managers like apt, dnf, and yum.
- [COMMAND_EXECUTION]: The `bootstrap.sh` script utilizes `sudo -n` to perform non-interactive package installations. This allows the skill to set up the required environment efficiently, provided the execution environment permits passwordless sudo for these specific managers.
- [COMMAND_EXECUTION]: The `process_goldmine.py` script executes the `gemini-cli` tool using `subprocess.run` with a list of arguments. This method is a secure way to call external processes as it avoids shell interpretation and mitigates the risk of command injection through the prompt string.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection as it ingests and processes untrusted Markdown content from articles.
  - Ingestion points: External Markdown files are read via the `read_article` function in `process_goldmine.py` using input paths provided by the user.
  - Boundary markers: No explicit delimiters or escaping mechanisms are used to isolate the untrusted article body from the instructions in the final prompt.
  - Capability inventory: The skill can execute CLI tools (`gemini-cli`) and perform file-write operations to the local filesystem.
  - Sanitization: The skill uses `resolve_path_in_project` to validate that all generated content is written within the project root, effectively preventing directory traversal attacks during the materialization of results.
Audit Metadata