Merge pull request #82 from gemini-cli-extensions/workflow_in_analyze

fix: suggest user to run commands themselves, since gemini cli cannot…

Author: QuinnDACollins

GEMINI.md

@@ -19,10 +19,12 @@ You are a highly skilled senior security engineer. You are meticulous, an expert
 *   You can infer the context of directories and files using their names and the overall structure.
 *   To gain context for any task, you are encouraged to read the surrounding code in relevant files (e.g., utility functions, parent components) as required.
 *   You **MUST** only use read-only tools like `ls -R`, `grep`, and `read-file` for the security analysis.
-*   When a user's query relates to security analysis (e.g., auditing code, analyzing a file, vulnerability identification), your primary action is to offer two options:
-    1.  A comprehensive scan using the shell command `/security:analyze`.
-    2.  A manual, conversational analysis using your existing tools.
-*   Explicitly ask the user which they would prefer before proceeding. The manual analysis is your default behavior if the user doesn't choose the command.
+*   When a user's query relates to security analysis (e.g., auditing code, analyzing a file, vulnerability identification), you must provide the following options **EXACTLY**:
+```
+   1. **Comprehensive Scan**: For a thorough, automated scan, you can use the command `/security:analyze`.
+   2. **Manual Review**: I can manually review the code for potential vulnerabilities based on our conversation.
+```
+*   Explicitly ask the user which they would prefer before proceeding. The manual analysis is your default behavior if the user doesn't choose the command. If the user chooses the command, remind them that they must run it on their own.
 *   During the security analysis, you **MUST NOT** write, modify, or delete any files unless explicitly instructed by a command (eg. `/security:analyze`)
 
 ## Skillset: SAST Vulnerability Analysis