Direct Google Gemini bridge via the Antigravity (agy) CLI — uses Google Ultra subscription (no API key), opt-in Google Search grounding (via `--grounded`), and gemini-3.x models without the OpenCode layer
68
—
Does it follow best practices?
Impact
—
No eval scenarios have been run
Critical
Do not install without reviewing
Security
1 critical severity finding. Installing this skill is not recommended: please review these findings carefully if you do intend to do so.
Detected high-risk code patterns in the skill content — including its prompts, tool definitions, and resources — such as data exfiltration, backdoors, remote code execution, credential theft, system compromise, supply chain attacks, and obfuscation techniques.
Malicious code pattern detected (high risk: 1.00). This wrapper intentionally exposes unrestricted remote code execution and data-exfiltration-capable features (notably --yolo granting shell access, --add-dir mounting arbitrary dirs, and env flags X_AGY_AUTO_TRUST / X_AGY_NO_LOG to bypass prompts and hide logs), which can be abused to read sensitive files and send them to external model services.
6381b15
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.