gemini

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Gemini API helper for RunAPI; the main risk is ordinary third-party data sharing, not hidden or malicious behavior.

Install only if you are comfortable sending the content you provide to RunAPI and Google-backed Gemini services. Use a revokable or scoped RunAPI token where possible, avoid secrets, regulated personal data, or confidential files unless you intend to transmit them, and be careful when exporting GOOGLE_GENAI_BASE_URL because it can route Gemini SDK or CLI traffic through RunAPI.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill repeatedly instructs users to send prompts, messages, and image URLs/data to RunAPI-hosted Gemini endpoints, but it does not warn that user content will leave the local environment and be transmitted to a third-party service. In an agent setting, this can cause inadvertent disclosure of sensitive prompts, attachments, or contextual data if the operator assumes the skill is purely local or equivalent to a built-in model provider.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal