The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interpolates external file content directly into an LLM prompt. While boundary markers are used, instructions embedded within the source files could potentially manipulate the translation output or corrupt the expected JSON structure.
Ingestion points: scripts/gemini-translate.sh reads the content of all files passed as arguments.
Boundary markers: The prompt uses --- FILE: ${filename} --- and --- END FILE --- delimiters.
Capability inventory: File reading via cat, command execution via gemini CLI, and data processing via an inline python3 script.
Sanitization: Relies on the model following formatting rules; no explicit sanitization of file content is performed before interpolation.
[COMMAND_EXECUTION]: The bash script executes an inline Python script for JSON parsing and output recovery. It also allows overriding the Gemini binary path via the --gemini-bin flag, which could lead to arbitrary command execution if an agent provides unvalidated input.
[EXTERNAL_DOWNLOADS]: The script attempts to download and execute the @google/gemini-cli package via pnpx. This package originates from a well-known service and a trusted organization.
[DATA_EXFILTRATION]: The skill's primary function involves reading local file content and transmitting it to Google's Gemini service for translation. Users should be aware that any content processed by the skill is sent to an external service.

gemini-translate