The Agent Skills Directory

[COMMAND_EXECUTION] (LOW): The 'Execution Workflow' describes taking a shell command from $ARGUMENTS and running it via Bash using the gemini -s flag. Although the command is intended to be sandboxed, the execution of arbitrary user strings is an inherent risk factor, here downgraded because it is the primary stated purpose of the skill.
[PROMPT_INJECTION] (LOW): The skill possesses a surface for Indirect Prompt Injection (Category 8) as it ingests and executes untrusted data.
Ingestion points: User-supplied input passed through the $ARGUMENTS variable.
Boundary markers: Absent; the instructions do not specify the use of delimiters or 'ignore' instructions for the interpolated command string.
Capability inventory: The skill has access to the Bash tool, enabling system-level command execution.
Sanitization: The documentation mentions a 'Validate Command' step, but lacks concrete implementation details for escaping or filtering shell metacharacters.

gemini-sandbox-configuration