The Agent Skills Directory

[COMMAND_EXECUTION]: The skill interacts with the gemini command-line utility. It implements security measures by passing the main user prompt through standard input (stdin) to prevent shell injection and avoid command length limits. On Windows, the --model flag is strictly validated against an alphanumeric regex before execution.\n- [EXTERNAL_DOWNLOADS]: The skill includes a fallback mechanism to download and run the @google/gemini-cli package via npx if it is not detected on the system path. This package is an official tool from a trusted organization (Google).\n- [PROMPT_INJECTION]: The skill processes user-supplied text for analysis. 1. Ingestion points: User prompts are captured in ask-gemini.mjs. 2. Boundary markers: No explicit delimiters are used in the stdin stream. 3. Capability inventory: Execution of the gemini CLI for analysis and sandboxing. 4. Sanitization: Command-line arguments are validated, and the core prompt is isolated from the shell environment via stdin.

omega-gemini-cli