The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides instructions to execute shell commands including gemini, grep, and mv to delegate tasks and process files. These commands are constructed by interpolating user-controlled variables like asset names and descriptions. This pattern creates a potential vulnerability to command injection if the agent does not strictly validate or sanitize these input variables before they are passed to the shell environment.
[REMOTE_CODE_EXECUTION]: Through the gemini_delegation feature, the skill fetches code generated by a remote service and saves it to local files. This process involves dynamic code generation and the processing of externally generated content, which is a high-privilege operation.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted user requirements and interpolates them into prompts for the Gemini CLI. It lacks explicit boundary markers or sanitization for shell parameters, while maintaining capabilities for subprocess execution and file system access, such as writing and executing Pillow scripts defined in the references/code-patterns.md file.

Dot