Gemini Web Search

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a straightforward wrapper for using the local Gemini CLI for web search, with no evidence of hidden persistence, exfiltration, or destructive behavior.

Install only if you are comfortable letting the agent invoke your local Gemini CLI for search. Prefer the bundled helper script, avoid pasting untrusted text into raw shell templates, and review what Gemini account or API credentials your local CLI is configured to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Missing User Warnings

Medium
93% confidence
Finding
The skill instructs the agent to execute local shell commands, including interpolating a prompt into a command string and optionally wrapping it with `script -q -c`, without any explicit safety guardrails about handling untrusted input. If user-controlled text is inserted into the shell command template, this creates command-injection risk and also normalizes local command execution for routine queries, increasing the chance of unintended local side effects.

VirusTotal

66/66 vendors flagged this skill as clean.
