The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses Bash to execute the gemini CLI with prompts constructed from user input. Using the format gemini -p "<english-prompt>" creates a risk of command injection if the translated English prompt contains shell-sensitive characters (such as backticks or dollar signs) that are interpreted by the host shell.
[PROMPT_INJECTION]: The skill is subject to an indirect prompt injection surface (Category 8) as it processes untrusted user data and passes it to an external CLI tool. Ingestion points: User tasks are ingested and reformulated in the delegation workflow defined in SKILL.md. Boundary markers: The instructions specify wrapping the prompt in double quotes, which is an insufficient boundary against adversarial inputs. Capability inventory: The skill has access to Bash, Read, and Write tools, which could be abused if the delegated tool is manipulated. Sanitization: The skill depends on the AI's re-prompting logic rather than programmatic sanitization to prevent malicious instructions from reaching the CLI tool.

gemini