CtrlK
BlogDocsLog inGet started
Tessl Logo

x-gemini

Direct Google Gemini bridge via the Antigravity (agy) CLI — uses Google Ultra subscription (no API key), opt-in Google Search grounding (via `--grounded`), and gemini-3.x models without the OpenCode layer

68

Quality

Does it follow best practices?

Impact

No eval scenarios have been run

SecuritybySnyk

Critical

Do not install without reviewing

SKILL.md
Quality
Evals
Security

Security

1 critical severity finding. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.

Critical

E006: Malicious code pattern detected in skill scripts

What this means

Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.

Why it was flagged

Malicious code pattern detected (high risk: 1.00). This wrapper intentionally exposes unrestricted remote code execution and data-exfiltration-capable features (notably --yolo granting shell access, --add-dir mounting arbitrary dirs, and env flags X_AGY_AUTO_TRUST / X_AGY_NO_LOG to bypass prompts and hide logs), which can be abused to read sensitive files and send them to external model services.

Report incorrect finding
Repository
quangtran88/x-skills
Audited
Security analysis
Snyk

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.