gemini-system
Fail
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The skill frequently employs shell command templates (e.g., gemini -p "{prompt}") that interpolate variables directly into a shell command. This pattern is highly susceptible to shell command injection if the variables (such as {library}, {topic}, or {prompt}) contain shell metacharacters like backticks, semicolons, or subshell expansions.
- [PROMPT_INJECTION]: The skill is designed to ingest and process a wide variety of untrusted external data sources, creating a significant surface for indirect prompt injection.
  - Ingestion points: Automated triggers for processing .pdf, .mp4, .mov, .mp3, and other multimodal files, as well as external Google Search results used in research tasks.
  - Boundary markers: The prompt templates use basic double quotes for parameters, which provides minimal protection against malicious instructions embedded within the processed content.
  - Capability inventory: The agent has the capability to execute CLI commands, read the local codebase, and write results to the .claude/docs/ directory.
  - Sanitization: No explicit sanitization, filtering, or validation of the content extracted from external files or search results is performed before the data is processed or used in further operations.
- [DATA_EXFILTRATION]: The skill transmits repository structure, file contents, and research queries to Google's Gemini service. While this is the intended function of the tool for codebase analysis and research, users should be aware of the data shared with the service provider.
Recommendations
- AI detected serious security threats
Audit Metadata