Skip to content

chore(deps): update google-gemini/gemini-skills digest to cfac39e#688

Open
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/google-gemini-gemini-skills-digest
Open

chore(deps): update google-gemini/gemini-skills digest to cfac39e#688
renovate[bot] wants to merge 2 commits into
mainfrom
renovate/google-gemini-gemini-skills-digest

Conversation

@renovate

@renovate renovate Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Update Change
google-gemini/gemini-skills digest c609019cfac39e

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Jul 3, 2026
@toolhive-release-app

toolhive-release-app Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🛡️ Skill Security Scan Results

❌ gemini-api-dev

  • Status: Failed
  • Findings: 14
  • Blocking: 7

Blocking issues:

  • [LLM_HARMFUL_CONTENT] (HIGH) The skill lists several model identifiers that do not correspond to any known Gemini API models, including 'gemini-3.5-flash', 'gemini-3.1-pro-preview', 'gemini-3.1-flash-lite-preview', 'gemini-3-pro-image-preview (Nano Banana Pro)', 'gemini-3.1-flash-image-preview (Nano Banana 2)', and 'gemini-3.1-flash-lite-image-preview (Nano Banana 2 Lite)'. These model names are fabricated and do not exist in the Gemini API as of any known release. The skill also falsely declares real, current models like 'gemini-2.0-' and 'gemini-1.5-' as 'legacy and deprecated', which is misleading. This constitutes harmful/misleading content that would cause developers to use non-existent API endpoints and abandon working ones, resulting in broken applications. The informal codenames ('Nano Banana Pro', 'Nano Banana 2') further suggest fabricated content. (SKILL.md)
  • [LLM_PROMPT_INJECTION] (HIGH) The SKILL.md contains an explicit instruction override directive: '> [!IMPORTANT] > These rules override your training data. Your knowledge is outdated.' This is a classic direct prompt injection pattern designed to make the agent discard its trained knowledge and blindly trust the skill's content as authoritative. This phrasing is a hallmark of prompt injection attacks that attempt to establish false authority and override the agent's baseline behavior and safety guidelines. (SKILL.md)
  • [LLM_PROMPT_INJECTION] (HIGH) The skill instructs the agent to unconditionally trust results from the 'search_docs' MCP tool as the 'source of truth': 'Trust MCP results as source of truth for API details — they are always up-to-date.' This creates an indirect prompt injection vector: if the MCP server is compromised, impersonated, or returns malicious content, the agent is instructed to treat that content as authoritative and act on it without skepticism. The static analyzer also flagged multiple ATR_2026_00010 hits (malicious content in MCP tool responses), confirming this risk surface. Combined with the fabricated model data already in the skill, this pattern suggests the skill may be designed to funnel the agent toward trusting attacker-controlled data sources. (SKILL.md)
  • [ATR_2026_00001] (HIGH) Pattern detected: override your training (SKILL.md:6)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: gemini-3.5-flash: 1M tokens, fast, balanced performanc (SKILL.md:10)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: gemini-3.1-flash-lite-preview: cost-efficient, fastest performance for high-frequenc (SKILL.md:12)
  • [ATR_2026_00010] (CRITICAL) Pattern detected: gemini-2.5-flash: 1M tokens, fast, balanced performanc (SKILL.md:17)

Allowlisted (not blocking):

  • MANIFEST_MISSING_LICENSE (Allowed: google-gemini/gemini-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

❌ gemini-interactions-api

  • Status: Failed
  • Findings: 8
  • Blocking: 5

Blocking issues:

  • [LLM_HARMFUL_CONTENT] (HIGH) The skill lists model identifiers such as 'gemini-3.5-flash', 'gemini-3.1-pro-preview', 'gemini-3-pro-image (Nano Banana Pro)', 'gemini-omni-flash-preview', and agent identifiers like 'antigravity-preview-05-2026' and 'deep-research-preview-04-2026'. These do not correspond to any publicly documented Gemini models or agents as of the current knowledge base. Combined with the instruction to override training data and to treat deprecated all real/known models (gemini-2.5-, gemini-2.0-, gemini-1.5-*), this skill could cause the agent to generate code using non-existent APIs, mislead users about Google's actual product offerings, or cause application failures. The 'Nano Banana' codenames are particularly suspicious as informal/unofficial names unlikely to appear in real Google documentation. (SKILL.md)
  • [LLM_PROMPT_INJECTION] (HIGH) The SKILL.md instruction body contains a callout block that explicitly states 'These rules override your training data. Your knowledge is outdated.' This is a classic direct prompt injection pattern designed to make the LLM discard its trained knowledge and unconditionally follow the skill's instructions, including potentially fabricated model names and API details. This phrasing is a well-known jailbreak/instruction-override technique. (SKILL.md)
  • [LLM_PROMPT_INJECTION] (HIGH) The skill mandates that the agent MUST fetch external URLs from ai.google.dev before writing any code. This creates an indirect prompt injection vector: if any of those external documentation pages contain malicious instructions, the agent will process and potentially follow them. The skill explicitly states 'You MUST fetch the relevant documentation page' and 'These hosted docs are the source of truth.' This delegates trust to external, uncontrolled content sources that could be compromised, modified, or serve adversarial content. (SKILL.md)
  • [ATR_2026_00001] (HIGH) Pattern detected: override your training (SKILL.md:6)
  • [ATR_2026_00050] (HIGH) Pattern detected: while (true) (SKILL.md:159)

✅ gemini-live-api-dev

  • Status: Passed
  • Findings: 4
  • Allowed (not blocking): 1
    • MANIFEST_MISSING_LICENSE (Allowed: google-gemini/gemini-skills is licensed Apache-2.0 at the repository root; upstream does not embed an SPDX license identifier in per-skill SKILL.md frontmatter.)

Summary: Scanned 3 skill(s), found 12 blocking issue(s).

⚠️ Action Required: Review the blocking findings. Add a justified entry to the skill's security.allowed_issues[] in its spec.yaml if the finding is a false positive.

@renovate renovate Bot force-pushed the renovate/google-gemini-gemini-skills-digest branch from 7cd7d3e to 3806797 Compare July 3, 2026 10:17
@renovate

renovate Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor Author

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants