gemini-review-integrator

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • PROMPT_INJECTION (LOW): Indirect Prompt Injection surface identified. The skill ingests untrusted data from external Gemini Code Assist comments and persists them in GitHub PR comments, which may influence subsequent agent interactions.
      - Ingestion points: Fetches Gemini comments via fetch-gemini-comments.sh (Step 2).
      - Boundary markers: Uses <details> tags and HTML metadata comments (<!-- pr-review-metadata -->), but lacks instructions for downstream agents to ignore embedded commands.
      - Capability inventory: Updates GitHub PR comments via cache-write-comment.sh (Step 6).
      - Sanitization: No explicit sanitization or filtering of the Gemini comment body or suggestions is performed before interpolation.
  • COMMAND_EXECUTION (SAFE): The skill executes local scripts located in ${CLAUDE_PLUGIN_ROOT}/scripts/. These scripts handle PR identification and GitHub API interactions using local caches and are considered safe within the intended plugin environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 08:36 AM