OpenGemini SaaS Builder
Pass
Audited by VirusTotal on Mar 31, 2026.
Findings (1)
The skill bundle contains shell injection vulnerabilities in several helper scripts, including generate_architecture.sh, generate_requirements.sh, and generate_rules.sh. Each script interpolates the unsanitized variables $project and $brief directly into a shell command string that is then passed to the gemini CLI, so shell metacharacters in those values (double quotes, semicolons, backticks, $( )) are parsed as shell syntax rather than treated as prompt text. Because those values come from user input that the agent relays to the scripts, a crafted project name or brief could lead to arbitrary command execution on the host running the skill. The SKILL.md instructions include safety guidelines and require user approval for external actions such as GitHub repository creation and Vercel deployment, but that approval gate does not cover the local script invocations, so the missing input validation in the underlying shell scripts remains a significant security flaw. A reviewer can confirm the pattern by searching the three scripts for lines that place $project or $brief inside a string that is later re-parsed by the shell; the fix is to pass those values as separate arguments (or on stdin) instead of inside a command string, and to restrict the project name to a conservative character set before it is used anywhere else.
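The pattern the finding describes, as an added example that is not code from the skill bundle or from the VirusTotal report: the vulnerable construction beside a hardened one. The gemini CLI is replaced by a stand-in shell function so the example runs offline, and the prompt wording, the function names and the validate_project_name helper are assumptions for illustration, not taken from the audited scripts.

```sh
#!/bin/sh
# Added example, not code from the OpenGemini SaaS Builder skill: a minimal
# reproduction of the injection pattern described in the finding, beside a
# hardened form. The gemini CLI is replaced by the stand-in function below so
# the script runs offline; no gemini flags or prompt wording are assumed to
# match the real scripts.

# Stand-in for the gemini CLI: prints each argument it receives on its own
# line, which makes it visible whether the prompt arrived as one argument.
fake_gemini() {
    printf '%s\n' "$@"
}

# VULNERABLE (the pattern the finding describes): $project and $brief are
# interpolated into a command string that is handed back to the shell with
# eval. Any quote, semicolon or $( ) in the input is parsed as shell syntax.
generate_unsafe() {
    project=$1
    brief=$2
    cmd="fake_gemini \"Write an architecture doc for $project: $brief\""
    eval "$cmd"
}

# HARDENED: the prompt is passed as a single argv element, so the values are
# never re-parsed by a shell; metacharacters stay literal text in the prompt.
generate_safe() {
    project=$1
    brief=$2
    fake_gemini "Write an architecture doc for $project: $brief"
}

# Extra defence for values that later become file names, repo names or flags
# (hypothetical helper): accept only a conservative character set and refuse
# an empty value or a leading '-', so the value cannot be parsed as an option
# by whatever command receives it. Returns 0 if acceptable, 1 otherwise.
validate_project_name() {
    case "$1" in
        '' | -* | *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# Demo when run as `sh this_script.sh --demo`. The constructed brief closes the
# quoted prompt and appends an extra command; only the unsafe path executes it.
if [ "${1:-}" = "--demo" ]; then
    payload='demo"; echo INJECTED; echo "'
    echo '--- unsafe (eval) ---'
    generate_unsafe myapp "$payload"
    echo '--- safe (argv) ---'
    generate_safe myapp "$payload"
fi
```

Run it with --demo and the unsafe path prints INJECTED on a line of its own, because eval re-parsed the closing quote and the semicolon the brief carried; the safe path prints the whole brief as literal prompt text. Escaping quotes inside the command string is not an adequate fix, since every layer of re-parsing needs its own escaping and one missed case reopens the hole; passing the value as its own argument, or writing it to a file the CLI reads, removes the re-parsing altogether, and the character-set check is a second layer for values that end up in paths or repository names.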
