Gemini Worker

The skill is internally coherent: it documents and scripts headless use of the Gemini CLI and only asks for filesystem access that is consistent with that purpose — but it does instruct patterns (--include-directories + --yolo) that, if misused, can expose or modify local files, so use least privilege.

This skill appears to do exactly what it claims: run Gemini CLI headlessly as a worker. That requires granting the Gemini process explicit read/write access to whatever paths you pass via --include-directories and running with --yolo (auto-approve tool calls). Before installing or using it: 1) Limit --include-directories to the minimal directories needed (avoid including /, your home dir, or other sensitive paths). 2) Do not pass untrusted input directly into -p; prefer writing untrusted content to a file and point Gemini at that file as the docs recommend. 3) Be aware that any file paths you include can be read or written by the Gemini process (and the model can be instructed to run commands via tool calls when --yolo is set). 4) Install @google/gemini-cli only from the official npm package and verify provenance if possible. 5) Consider running the worker in an isolated environment (container, CI runner, or dedicated service account) if you will include project or system directories. If you want stronger assurance, ask the maintainer for a homepage or repository signature, or request a signed release link so you can verify the upstream source.