gemini-delegation-patterns
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill uses forceful instructional language, specifically 'MANDATORY' and 'STOP', to direct agent behavior and restrict responses to be based 'EXCLUSIVELY' on specific documentation. This pattern is an attempt to override the agent's broader knowledge base and default reasoning protocols.
- [COMMAND_EXECUTION]: The skill defines patterns for executing shell commands via the 'gemini' CLI. It highlights a 'yolo' mode using the '--yolo' flag, which allows for the execution of commands without manual approval. This removes a critical safety layer when performing potentially destructive or risky operations.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by encouraging the agent to ingest external data, such as local source code or user-provided prompts, and interpolate it directly into CLI commands.
  - Ingestion points: The skill provides logic to read local source files (e.g., using 'find' and 'cat') and process user prompts.
  - Boundary markers: The suggested execution patterns (e.g., 'gemini "{prompt}"') lack explicit delimiters or instructions to treat the interpolated content as untrusted data.
  - Capability inventory: The skill has access to shell execution and network-enabled analysis tools through the Gemini CLI.
  - Sanitization: There is no mention or implementation of sanitization, escaping, or validation for variables like '{prompt}', '{command}', or '{content}' before they are processed by the shell.
- [EXTERNAL_DOWNLOADS]: The skill's primary function is to interact with and manage tasks via the 'gemini' CLI, which is an external dependency that connects to Google's cloud services (GCP/Vertex AI) for processing.
Audit Metadata