skills/samhvw8/dot-claude/research/Gen Agent Trust Hub

research

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to execute the gemini bash command using dynamically generated prompts. Evidence: Phase 2, Section 1 states 'execute gemini -m gemini-2.5-flash -p "...your search prompt..." bash command'. Risk: The lack of sanitization for the search prompt, which is derived from research topics and potentially external data, creates a significant risk of shell command injection.
  • [PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). Evidence chain:
    1. Ingestion points: The skill reads external content via WebSearch and GitHub repositories through docs-seeker.
    2. Boundary markers: Absent; there are no delimiters or instructions to ignore embedded commands in external data.
    3. Capability inventory: The skill has high-privilege capabilities including bash command execution and file writing to the ./plans/ directory.
    4. Sanitization: Absent; external data is synthesized directly into reports and used to influence subsequent agent actions.
    Risk: Malicious instructions embedded in websites or repositories could hijack the agent's execution flow.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 02:52 AM