Use @{...} to inject file content in example workflows

[ehedlund]

Use @{...} to inject file content in example workflows, instead of !{...}, which executes shell commands.

Fixes #509.

Also run npm run format on the repo.

[galz10]

Code Review

Scope: Pull Request #511

This PR addresses issue #509 by migrating from !{read_file(...)} to the native @{...} syntax for file content injection in example TOML command definitions. It also streamlines the corresponding GitHub Action workflow files by removing the now-redundant read_file tool from the core tool allowlist and applies repository-wide formatting via npm run format.

Metadata Review

• PR Title: "Use @{...} to inject file content in example workflows" - Accurate and follows conventions.
• PR Description: Clearly explains the motivation (security/hardening by avoiding shell execution in templates) and references the correct issue.

Concerns (Action Required)

• .github/commands/: The PR updates the files in examples/workflows/, but does not update the corresponding command definitions in .github/commands/. The files in .github/commands/ are the actual default commands installed by the action (as defined in action.yml). Leaving these un-updated creates a discrepancy where the action's built-in defaults use a different (and potentially broken, per #509) syntax compared to the examples provided to users. All TOML files in .github/commands/ should be updated to use the @ syntax and the JSON context file where applicable to maintain consistency and resolve the bug for all users, not just those who copy the examples.

• Inconsistent Context Handling: The examples/ TOML files have been updated to use a unified JSON context (@{.gemini/context.json}), while the .github/commands/ files still rely on individual environment variable injections (e.g., !{echo $TITLE}). While !{echo ...} might work for simple variables, the PR's intent is to move towards the @ syntax. These should be aligned to ensure a consistent developer experience.