claude-video-image
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [METADATA_POISONING]: The skill references fabricated AI models and services, including 'Gemini 3 Pro Image', 'Nano Banana Pro', 'FLUX.2 klein 4B', and 'OpenAI GPT Image 1 Mini'. This deceptive metadata may mislead users or agents regarding the actual capabilities, quality, and costs associated with the skill.
- [COMMAND_EXECUTION]: The instructions direct the agent to execute shell commands where user-provided prompt strings are interpolated as command-line arguments to internal scripts. This pattern allows for potential command injection if the user input is not properly escaped.
- [INDIRECT_PROMPT_INJECTION]:
  1. Ingestion points: Untrusted user input enters the execution context through the prompt argument in scripts/image_generate.py as described in SKILL.md.
  2. Boundary markers: Absent. The instructions do not provide guidance on escaping or quoting user input to prevent command injection or instruction override.
  3. Capability inventory: The skill possesses the Bash tool for shell execution and the Write tool for file system modifications as defined in SKILL.md.
  4. Sanitization: Absent. No validation or sanitization steps are defined for the processed user content.