OpenGemini CLI

Pass. Audited by VirusTotal on Mar 31, 2026.

Findings (1)

The skill bundle provides a wrapper for the local Gemini CLI but contains critical shell injection vulnerabilities in its helper scripts. Specifically, `scripts/gemini_review.sh` and `scripts/gemini_json.sh` expand variables containing potentially untrusted file content or prompts directly within double-quoted strings in an `exec` call. This allows for arbitrary command execution (RCE) if the input contains shell metacharacters such as backticks or command substitutions. While `SKILL.md` includes safety guidelines for the agent, the underlying script implementations are fundamentally insecure.