The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill references the @google/gemini-cli package, which is provided by a well-known technology company. This is a standard dependency for the skill's documented functionality.
[COMMAND_EXECUTION]: Uses bash commands to perform file system operations, such as counting tokens and identifying source files, as well as executing the Gemini CLI tool to process the gathered data.
[DATA_EXFILTRATION]: Collects the content of local source files and transmits it to the Google AI API via the Gemini CLI. This activity is the intended primary purpose of the skill and relies on a trusted service provider.
[PROMPT_INJECTION]: The skill processes codebase files which are untrusted external data. While this creates a surface for indirect prompt injection, it is the primary intended use case for the tool.
Ingestion points: Files are collected via find and cat in Step 4 and 5 of SKILL.md.
Boundary markers: None present; file content is piped directly into the CLI tool.
Capability inventory: The skill has access to Bash, Read, and Glob tools, and writes reports to the file system.
Sanitization: No sanitization or filtering of file content is performed before analysis.

gemini-explore