Trust Assessment
gemini received a trust score of 85/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include Excessive Permissions via Auto-Approve (YOLO) Mode.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on July 1, 2026 (commit a4d31ad1). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Excessive Permissions via Auto-Approve (YOLO) Mode The skill instructions repeatedly direct the agent to use `--approval-mode yolo` (or `-y`) for background and automated tasks. This mode auto-approves all tool executions by the Gemini CLI. When Gemini is used to analyze untrusted codebases or external inputs, a prompt injection attack within those inputs could command the Gemini CLI to execute malicious tools (such as arbitrary command execution or file modification) without any user confirmation. Avoid recommending or using `--approval-mode yolo` for automated tasks, especially when processing untrusted inputs. Instead, use safer approval modes like `auto_edit` (which only allows file edits) or require explicit user confirmation for any tool execution. | LLM | SKILL.md:11 |
Scan History
Embed Code
[](https://skillshield.io/report/b9c9c2b8528e52cf)
Powered by SkillShield