
research

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • COMMAND_EXECUTION (HIGH): The skill explicitly instructs the agent to execute a bash command, gemini -m gemini-2.5-flash -p "...". This execution occurs within a workflow that incorporates untrusted data from external searches into command parameters, posing a risk of command injection if those parameters are not strictly sanitized.
  • PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from the web via WebSearch and docs-seeker (GitHub) in Phase 2. There are no defined boundary markers or sanitization logic to prevent malicious instructions hidden in these external sources from hijacking the research process or the subsequent gemini CLI call. This meets the criteria for HIGH severity because the skill combines external content ingestion with execute capabilities.
  • EXTERNAL_DOWNLOADS (MEDIUM): The workflow relies on the gemini CLI tool and the docs-seeker skill. While google-gemini is a trusted organization, the generic reference to a bash command gemini without versioning or source verification introduces a dependency risk if the local environment is compromised or the tool is sourced from an untrusted repository.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 07:01 AM