The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill instructs the user to install an extension from a non-vendor GitHub repository (https://github.com/gemini-cli-extensions/code-review). This represents the installation and execution of code from an unverified external source.\n- [COMMAND_EXECUTION]: The skill recommends appending API keys to the user's shell profile (echo 'export GEMINI_API_KEY="your-api-key"' >> ~/.zshrc) for persistence. This modification of system configuration files for environment variables is a persistence mechanism.\n- [PROMPT_INJECTION]: The CI/CD and automation examples are vulnerable to indirect prompt injection because they interpolate the output of git diff directly into prompts (e.g., $(cat diff.txt)) without using delimiters or sanitization. This allows malicious code changes to potentially control the LLM's review behavior. Ingestion points: GitHub Action and GitLab CI scripts in SKILL.md. Capability inventory: execution of the gemini CLI and reading repository files. Sanitization and boundary markers are absent.

gemini-review