gemini-research

[Skill Scanner] Backtick command substitution detected The skill describes a coherent, purpose-aligned workflow for leveraging Gemini CLI for web-grounded, large-context research with memory-based handoff to Claude agents. While the footprint is reasonable for its stated goal, there are portability concerns (Windows/D:\Projects), potential synchronization issues with memory storage, and minimal detail on authentication/permissions for external services. No clear malicious behavior is evident; risks are mainly around data lifecycle management and cross-agent data sharing rather than exploitation or exfiltration. LLM verification: This skill's documentation and command patterns are plausible for a legitimate Gemini research integration, but several behaviors are disproportionate or under-specified: mandatory local scans (.claude files and D:\Projects\*), executing an external shell script with user-controlled inputs, and writing results to a shared Memory-MCP key without described access controls or sanitization. No explicit hardcoded secrets or obfuscated malware are present in the provided text, but the combination of b