Conversation
Agent-Logs-Url: https://github.com/JSNrepo/gemini-cyber-cli/sessions/32e80eef-6e81-443a-a9f1-3c75a35f33be Co-authored-by: JSNrepo <147151138+JSNrepo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/JSNrepo/gemini-cyber-cli/sessions/32e80eef-6e81-443a-a9f1-3c75a35f33be Co-authored-by: JSNrepo <147151138+JSNrepo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/JSNrepo/gemini-cyber-cli/sessions/32e80eef-6e81-443a-a9f1-3c75a35f33be Co-authored-by: JSNrepo <147151138+JSNrepo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/JSNrepo/gemini-cyber-cli/sessions/32e80eef-6e81-443a-a9f1-3c75a35f33be Co-authored-by: JSNrepo <147151138+JSNrepo@users.noreply.github.com>
Agent-Logs-Url: https://github.com/JSNrepo/gemini-cyber-cli/sessions/32e80eef-6e81-443a-a9f1-3c75a35f33be Co-authored-by: JSNrepo <147151138+JSNrepo@users.noreply.github.com>
Add Gemini-Cyber extension scaffold with HATS MCP bridge, skills, and cyber commands
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a new extension, 'gemini-cyber-cli', designed to bridge the Gemini CLI with the HATS framework. By leveraging the Model Context Protocol (MCP), this change enables automated security reconnaissance and reporting workflows directly within the CLI environment, enhancing the tool's capabilities for ethical hacking and security assessments. Highlights
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces the Gemini-Cyber extension, which integrates the HATS framework into Gemini CLI via an MCP server. It includes new commands for scanning and reporting, along with specialized skills for reconnaissance and exploit verification. Feedback identifies high-severity security risks related to prompt injection in the command prompts and recommends implementing stricter input validation and trimming for tool parameters in the Python MCP bridge.
| Use the latest 10 tool outputs in this session as the evidence base. | ||
| If fewer than 10 are available, use all available outputs and explicitly say so. | ||
|
|
||
| Required sections: | ||
| 1. Executive Summary | ||
| 2. Scope and Methodology | ||
| 3. Reconnaissance Findings | ||
| 4. Validated Vulnerabilities | ||
| 5. Risk Prioritization Matrix | ||
| 6. Remediation Recommendations | ||
| 7. Evidence Appendix | ||
|
|
||
| For each finding include: | ||
| - Asset | ||
| - Evidence source/tool output reference | ||
| - Severity | ||
| - Confidence | ||
| - Impact | ||
| - Recommended fix | ||
| """ |
There was a problem hiding this comment.
The prompt for generating penetration testing reports is vulnerable to indirect prompt injection. It instructs the LLM to use the latest 10 tool outputs as evidence, but these outputs contain data from external, potentially malicious targets (e.g., service banners, version strings). A crafted string from a scanned target could manipulate the LLM's behavior, leading to unauthorized actions like scanning internal hosts or exfiltrating data. The prompt should be updated to treat tool outputs as untrusted data and use delimiters to separate them from instructions.
| You are executing /scan for target input: {{args}}. | ||
| Run this exact workflow with HATS MCP tools: | ||
| 1) hats_port_scan | ||
| 2) hats_service_detection | ||
| 3) hats_vulnerability_lookup | ||
| If useful, run hats_recon_chain to consolidate outputs. | ||
| Return: | ||
| - Target and scan scope | ||
| - Open ports | ||
| - Identified services/versions | ||
| - Correlated vulnerabilities with severity and confidence | ||
| - Next recommended recon or verification step | ||
| """ |
There was a problem hiding this comment.
The prompt for the /scan command directly concatenates user-supplied arguments ({{args}}) into the prompt without sanitization or delimitation. This makes it vulnerable to direct prompt injection, where a user could provide input that overrides the intended workflow (e.g., skipping service detection or targeting unauthorized hosts). While the impact is limited to the user's own session in a CLI context, it represents a failure to follow LLM safety best practices for handling untrusted input.
|
|
||
|
|
||
| async def _call_hats_function(tool_name: str, kwargs: dict[str, Any]) -> dict[str, Any]: | ||
| try: |
There was a problem hiding this comment.
According to the general rules, string parameters from tools should be trimmed and checked for emptiness to prevent whitespace-only values from being accepted. This is especially important for the target parameter which is central to these security tools. Centralizing this logic in _call_hats_function ensures all tools (including the recon chain) adhere to this requirement.
kwargs = {k: (v.strip() if isinstance(v, str) else v) for k, v in kwargs.items()}
if "target" in kwargs and not kwargs["target"]:
return {
"tool": tool_name,
"timestamp": _format_utc_timestamp(),
"status": "error",
"input": _convert_to_json_serializable(kwargs),
"error": "The 'target' parameter cannot be empty or whitespace only.",
}
try:References
- When validating string parameters from tools, trim the string first and then check for emptiness to prevent whitespace-only values from being accepted.
gemini-cli
bot
added
the
priority/p1
…lls, and cyber commands"
Revert "Add Gemini-Cyber extension scaffold with HATS MCP bridge, skills, and cyber commands"
Agent-Logs-Url: https://github.com/JSNrepo/gemini-cyber-cli/sessions/26c2524e-0ad7-4913-bb06-9d9aefc86e0d Co-authored-by: JSNrepo <147151138+JSNrepo@users.noreply.github.com>
…sion Refresh README for Gemini-Cyber-CLI scope, HATS MCP bridge, and cyber command usage
🛑 Action Required: Evaluation ApprovalSteering changes have been detected in this PR. To prevent regressions, a maintainer must approve the evaluation run before this PR can be merged. Maintainers:
Once approved, the evaluation results will be posted here automatically. |
Summary
Details
Related Issues
How to Validate
Pre-Merge Checklist