gemini

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md and references/patterns.md mandate running the CLI with the --approval-mode yolo flag. In this mode the Gemini CLI auto-approves every tool call (file edits and shell commands included) instead of prompting the user, so the human-in-the-loop confirmation step that would normally catch a malicious or mistaken action is removed.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the gemini CLI. The CLI can itself execute arbitrary shell commands and read, write and search the file system on the model's behalf.
  • [REMOTE_CODE_EXECUTION]: Combining yolo approval mode with an autonomous agent (Gemini CLI) means AI-generated code and commands run without user verification. If the agent processes untrusted content (a repository file, a fetched web page, a search result), any instruction embedded in that content that the model decides to act on becomes a shell command executed without confirmation, which amounts to an automated remote code execution pipeline.
  • [DATA_EXFILTRATION]: The integrated gemini CLI includes web_fetch and google_web_search (documented in references/tools.md). Because the model chooses the URLs these tools request, an agent manipulated into reading a local file with read_file can then encode its contents into a request to an external endpoint; with yolo mode on, nobody is asked to approve the outbound call.
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to pass external data (prompts, codebase contents, web search results) through the Gemini CLI, so attacker-controlled text reaches the model alongside the user's instructions.
    ◦ Ingestion points: prompts passed to gemini "[prompt]" and data read via codebase_investigator or web_fetch.
    ◦ Boundary markers: none identified in the provided templates; nothing separates user instructions from retrieved content.
    ◦ Capability inventory: the CLI tools include read_file, write_file, search_file_content, and shell command execution.
    ◦ Sanitization: no sanitization or validation of the input prompt is performed before it is substituted into the Bash command line that invokes the CLI, so both shell metacharacters and natural-language instructions in the prompt reach the CLI unchanged.
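The two weaknesses above (yolo approval and unsanitized prompt substitution) are easiest to see side by side. The following is an added example written for this audit page, not code from the skill or from the Gemini CLI project. It assumes the documented Gemini CLI flags --approval-mode (values default, auto_edit, yolo), -p/--prompt for a non-interactive prompt, and --sandbox to run tools in a sandbox; verify them against gemini --help for your version. The gemini function is a stand-in for the real binary so the script runs offline, and run_gemini_weak, run_gemini_safe, approval_mode_for and the <<UNTRUSTED>> marker are names invented here.

```bash
#!/usr/bin/env bash
# Added example (not the skill's own code): build a Gemini CLI invocation
# that keeps the approval step and passes untrusted prompt text as one argv
# element instead of interpolating it into a shell string.
#
# Assumed Gemini CLI flags (check `gemini --help` for your version):
#   --approval-mode {default,auto_edit,yolo}   tool-call confirmation policy
#   -p / --prompt TEXT                          non-interactive prompt
#   --sandbox                                   run tools in a sandbox

# Stand-in for the real binary so the example runs offline: prints each
# argv element on its own line, which is exactly what the CLI would receive.
gemini() {
  printf '%s\n' "$@"
}

# Weak form, mirroring the audited skill: yolo mode plus a prompt assembled
# by string concatenation. Anything in the prompt that the shell understands
# ($(...), backticks, an unbalanced quote) is interpreted before the CLI
# ever sees it.
run_gemini_weak() {
  local cmd="gemini --approval-mode yolo -p \"$1\""
  eval "$cmd"
}

# Hardened form: approval stays on, tools run sandboxed, and the prompt is a
# single argv element, so shell metacharacters in it are inert text.
run_gemini_safe() {
  local prompt="$1"
  gemini --approval-mode default --sandbox -p "$prompt"
}

# Guard for an automation path that genuinely needs unattended runs: refuse
# yolo when the prompt carries content from outside the trust boundary.
# The <<UNTRUSTED>> marker is a convention of this example (the caller wraps
# fetched or repository-derived text in it), not a feature of the CLI.
approval_mode_for() {
  local prompt="$1" requested="$2"
  if [ "$requested" = "yolo" ] && printf '%s' "$prompt" | grep -q '<<UNTRUSTED>>'; then
    echo default
  else
    echo "$requested"
  fi
}

# Helper: the last argv element a runner hands to gemini, i.e. the prompt
# as the CLI would actually receive it.
last_arg_for() {
  "$1" "$2" | tail -n 1
}

# Constructed demo input: a prompt carrying a command substitution, the kind
# of text an attacker can plant in a README the skill later reads.
demo() {
  local p='summarize this; $(echo INJECTED)'
  echo "weak runner delivers: $(last_arg_for run_gemini_weak "$p")"
  echo "safe runner delivers: $(last_arg_for run_gemini_safe "$p")"
  echo "mode for untrusted input: $(approval_mode_for "<<UNTRUSTED>>$p<<UNTRUSTED>>" yolo)"
}
```

Run demo to see the difference: the weak runner delivers "summarize this; INJECTED" because the substitution executed in the wrapper's shell, while the safe runner delivers the prompt byte for byte and leaves every tool call subject to confirmation. Dropping --approval-mode yolo does not make indirect prompt injection impossible; it only restores the point at which a human can decline the action the injected text asked for.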
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 03:16 PM