docs: Add Gemini CLI compatibility instructions

[dguido]

Summary

Research into Gemini CLI compatibility for these skills.

Findings

Skills Compatibility

Gemini CLI v0.23.0+ has experimental Agent Skills support. Our skills work via the
gemini-cli-skillz bridge extension
with no modifications needed.

Key differences:

• Gemini only supports name and description in frontmatter (no allowed-tools)
• No plugin.json wrapper
• Tool restrictions are CLI-level, not per-skill

User setup:

# Enable experimental skills
gemini  # then /settings → search "Skills" → enable

# Install skillz bridge
gemini extensions add gemini-cli-skillz

Security Extension (Complementary)

Gemini CLI also has a security extension
that provides vulnerability scanning:

• /security:analyze - analyze code changes for vulnerabilities
• /security:scan-deps - OSV-Scanner integration for dependency vulnerabilities
• 90% precision, 93% recall on OpenSSF CVE Benchmark
• GitHub Actions integration for PR reviews

This could complement our security audit skills.

Proposed Changes

1. Add docs/gemini-cli.md with installation instructions
2. Mention security extension as complementary tool
3. Update README.md to note Gemini CLI compatibility

Sources

• Gemini CLI Skills Docs
• gemini-cli-skillz Extension
• Security Extension