mcp-management
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill documentation (references/gemini-cli-integration.md) recommends the global installation of 'gemini-cli' from a third-party source (geminicli.com) rather than the official repository or a trusted organization. Users should verify the integrity of third-party tools before installation.
- [COMMAND_EXECUTION] (SAFE): The skill executes external commands defined in a local configuration file (.claude/.mcp.json) to start MCP servers. This is the intended behavior and relies on the user maintaining control over their configuration.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill has an indirect prompt injection surface.
  1. Ingestion points: Data from external MCP tools (e.g., web search results) is read into the agent context via 'mcp-client.ts'.
  2. Boundary markers: No explicit delimiters or sanitization are applied to tool outputs within the scripts.
  3. Capability inventory: The skill can call arbitrary tools which may have filesystem or network access.
  4. Sanitization: Tool outputs are processed as JSON but content is not filtered for embedded instructions.
Audit Metadata