gemini-websearch
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill constructs and executes shell commands using the `gemini` CLI, interpolating user queries directly into the tool's parameters. The presence of the `--yolo` flag bypasses manual approval for tool execution, which could allow an attacker to trigger unauthorized actions (such as file manipulation or shell execution) if the CLI environment is not strictly restricted.
- [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8). (1) Ingestion points: Untrusted content from web search results is retrieved and parsed from the Gemini CLI output. (2) Boundary markers: No delimiters or protective instructions are utilized to separate retrieved content from the agent's instructions. (3) Capability inventory: The underlying `gemini` CLI tool possesses broad capabilities, including system command execution and file system access. (4) Sanitization: The validation logic focuses on content quality and relevance rather than filtering for malicious instructions.
- [EXTERNAL_DOWNLOADS] (LOW): The skill relies on external tools including the `gemini` CLI and `gcloud` SDK. While these are distributed by a trusted organization (Google), they represent external dependencies required for the skill's core functionality.
- [DATA_EXFILTRATION] (LOW): User search queries and metadata are recorded in a local cache directory (`.cache/gemini-searches`) and an analytics log (`search_analytics.json`), creating a persistent local record of search activity.
Audit Metadata