self-learning
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill generates executable scripts (Python/Bash) in a 'scripts/' directory based on content synthesized from arbitrary web documentation. This allows untrusted external data to define code that may be executed in future sessions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted data from web searches and browser automation without explicit sanitization or instructions to ignore embedded malicious prompts, then uses this data to generate new system-level instructions (SKILL.md).
  * Ingestion points: Web search results, official documentation sites, and GitHub READMEs processed in SKILL.md Step 2.
  * Boundary markers: None identified; the skill lacks delimiters or instructions to ignore commands found within documentation.
  * Capability inventory: File writing to local and global skill directories, browser automation, and script generation.
  * Sanitization: No sanitization or validation of the extracted web content is performed before it is synthesized into a new skill.
- [COMMAND_EXECUTION]: The skill attempts to maintain persistence by writing generated skills to the global user directory '~/.gemini/antigravity/skills/', allowing the generated content to automatically trigger across all future workspaces. It also involves executing local scripts such as 'scripts/init_skill.py' and 'scripts/package_skill.py' for skill management.
- [DATA_EXFILTRATION]: The skill uses browser automation and web extraction tools to read content from arbitrary URLs. While intended for documentation discovery, these tools have the capability to access and transmit data from various network locations.