NYC

ai-multimodal

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The documentation references an undefined 'gemini' CLI command (prompt | gemini -y ...) which is not included in the standard google-genai installation instructions provided. This constitutes an unverifiable dependency that could lead to the execution of arbitrary code if a malicious binary is present in the environment's PATH.
  • COMMAND_EXECUTION (LOW): The skill explicitly requests the Bash tool and utilizes it to run local Python scripts and system utilities like ffmpeg. This provides a powerful execution environment that can be abused if the agent is compromised via prompt injection.
  • PROMPT_INJECTION (LOW): The skill is highly susceptible to Indirect Prompt Injection (Category 8).
      • Ingestion points: gemini_batch_process.py and document_converter.py ingest and process untrusted external data (PDFs, images, audio, video).
      • Boundary markers: Absent. There are no instructions for the agent to ignore or delimit embedded text/instructions found within processed media.
      • Capability inventory: Bash, Read, Write, and Edit. A successful injection could result in arbitrary command execution or file system modification.
      • Sanitization: Absent. The skill does not describe any sanitization of OCR text or transcriptions before they are used to influence agent behavior.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:28 PM