blog-image

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads and executes the @ycse/nanobanana-mcp package from the NPM registry using npx as part of its core functionality. While this is the intended mechanism for the MCP integration, the package originates from an external source not included in the pre-defined trusted vendor list.
  • [COMMAND_EXECUTION]: The skill relies on several command-line tools for setup, validation, and post-processing of images. This includes executing python3 for setup scripts, npx for starting the MCP server, and magick or convert (ImageMagick) for image resizing and format conversion.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection due to its handling of untrusted data:
      • Ingestion points: User-supplied image descriptions and file paths are processed during the image generation and editing workflows (e.g., in the /blog image edit <path> <instructions> command).
      • Boundary markers: The instructions provide guidance on rephrasing prompts and using a 6-component reasoning system, which helps structure the interaction, but there are no formal boundary markers (like XML tags or specific delimiters) used to isolate user-provided paths or instructions from the shell commands used for post-processing.
      • Capability inventory: The agent has access to shell command execution (magick, convert, npx, python3) and specialized image manipulation tools via the MCP server.
      • Sanitization: While the skill advises interpreting and enhancing user intent rather than passing raw text to the API, it lacks explicit technical sanitization (such as shell-escaping or path validation) for the data interpolated into local CLI commands.
Audit Metadata
Risk Level: SAFE
Analyzed: May 5, 2026, 05:48 AM