The Agent Skills Directory

[COMMAND_EXECUTION]: The skill invokes the gemini CLI and python3 via subprocess calls to check settings and execute prompts. It uses the timeout utility to manage execution duration and includes the --approval-mode plan flag to ensure safety during analysis tasks.
[DATA_EXFILTRATION]: Accesses configuration files located at ~/.gemini/settings.json and .gemini/settings.json. While these files contain tool settings rather than credentials, accessing files in the user's home directory is noted as a sensitive operation.
[EXTERNAL_DOWNLOADS]: Documentation references external installation sources for the gemini-cli tool via NPM and Homebrew. These are provided as setup instructions and are not automatically executed by the skill scripts.
[PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by ingesting data from local configuration files to determine execution behavior. 1. Ingestion points: .gemini/settings.json and ~/.gemini/settings.json in SKILL.md. 2. Boundary markers: None present for the configuration data ingestion. 3. Capability inventory: Subprocess execution of python3 and gemini CLI in SKILL.md. 4. Sanitization: Employs a Python one-liner to parse JSON and extract specific keys, providing basic structural validation.

bridge-gemini