gemini-cli-session

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute the gemini command-line interface tool with various flags including -r for session resumption and -p for prompt execution.
  • [COMMAND_EXECUTION]: By default, the skill uses the --approval-mode auto_edit flag. This allows the Gemini CLI to autonomously use write_file and replace tools to modify the local filesystem without requiring explicit user confirmation for each edit.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8). It ingests untrusted data from multiple sources which are then used to influence the behavior of the gemini CLI sub-agent.
      • Ingestion points: Data is read from <project-root>/.gemini-cli-session-id and historical logs located at ~/.gemini/tmp/<project_hash>/logs.json. User-provided prompts are also passed directly to the tool.
      • Boundary markers: No explicit boundary markers or delimiters are used to separate historical context or session IDs from current instructions when passed to the CLI.
      • Capability inventory: The skill possesses the capability to execute shell commands (gemini) and, through the auto_edit mode, the capability to perform arbitrary file writes and modifications.
      • Sanitization: There is no evidence of sanitization or validation performed on the session IDs or recovered log content before they are used in command execution.
  • [DATA_EXPOSURE]: The skill accesses sensitive configuration and history files within the user's home directory (~/.gemini/projects.json and ~/.gemini/tmp/*/logs.json) to recover project hashes and session identifiers.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 01:17 AM