searching-web

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The fallback script scripts/web-search.sh executes the gemini CLI tool with the --yolo flag. This flag is specifically designed to bypass interactive safety confirmations and security guardrails, allowing the sub-tool to perform operations autonomously without human review.
  • [PROMPT_INJECTION]: The script web-search.sh directly interpolates the $SEARCH_QUERY variable into a prompt template without any sanitization or boundary markers (such as XML tags or 'ignore' instructions). This allows a malicious query to override the intended search task and manipulate the behavior of the Gemini sub-agent.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by processing untrusted data from web searches. Ingestion points: external content enters the system via Exa results and the SEARCH_QUERY argument in web-search.sh. Boundary markers: no delimiters or safety warnings are present to isolate untrusted content. Capability inventory: the skill can execute shell commands via scripts/web-search.sh and perform extensive web crawling. Sanitization: no filtering or escaping is applied to external data before it is passed to the AI models.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 11:13 PM