research-pro

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the sessions_spawn function to execute shell commands on a remote MiniPC node. Specifically, it runs gemini --yolo, where the --yolo flag bypasses confirmation prompts, granting the agent high autonomy and reducing user oversight of the commands performed.
  • [PROMPT_INJECTION]: In SKILL.md, the command template gemini --yolo "[DETAILED RESEARCH PROMPT]" interpolates user-controlled or agent-generated research prompts directly into a shell command. This pattern is vulnerable to command injection if the input contains shell metacharacters like semicolons or backticks that could terminate the command and execute unauthorized instructions on the MiniPC host.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from external sources via the Gemini CLI research tool. Malicious instructions embedded in web content being researched could influence the sub-agent's behavior, leading to biased research results or secondary command execution. (Ingestion point: Gemini CLI; Boundary markers: Absent; Capability inventory: sessions_spawn, gemini CLI; Sanitization: Absent).
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 12, 2026, 08:16 AM
Security Audit — agent-trust-hub — research-pro