The Agent Skills Directory

[DATA_EXFILTRATION]: The skill transmits data to Google's Gemini API via the @google/gemini-cli tool. This is the intended primary purpose of the skill and targets a well-known, trusted service provider.
[COMMAND_EXECUTION]: The agent uses shell redirection and piping to interface with the Gemini CLI, which is a recommended practice for handling large datasets efficiently without loading them into agent memory.
[PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection because it processes untrusted external data such as logs or codebase bundles. * Ingestion points: File inputs are provided via shell redirection to the gemini command. * Boundary markers: The skill instructions mandate adding isolation prompts (e.g., 'Do NOT use tools. Do NOT search filesystem.') to the sub-agent's context to limit its behavior. * Capability inventory: The orchestrating agent has access to Bash, Read, and Write tools. * Sanitization: There is no evidence of explicit sanitization or escaping of the piped content before it is processed by the CLI tool.
[REMOTE_CODE_EXECUTION]: The fallback procedures include the generation of a local Python script for semantic chunking of large files. This is a utility function for data management and does not involve executing unverified code from remote sources.

gemini-cli-agent