nano-image-generator
Fail
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation and the scripts/generate_image.py file explicitly instruct users to replace a placeholder with their actual Google Gemini API key directly in the source code. This is an unsafe practice for secret management that risks exposing sensitive credentials if the script is shared or committed to a repository.
- [COMMAND_EXECUTION]: The skill instructions in SKILL.md direct the agent to execute a Python script using shell commands where arguments (prompt, output path, reference images) are derived from user input. This pattern creates a vulnerability where the agent could be manipulated into reading sensitive files or overwriting system files by providing malicious paths to the --ref or --output parameters.
- [DATA_EXFILTRATION]: The script transmits user-provided prompts and the binary content of local reference images to a remote API endpoint at generativelanguage.googleapis.com. While targeting a well-known service for its intended purpose, this represents a mechanism for sending local data to an external server.
- [PROMPT_INJECTION]: The skill includes a skill-report.json file that contains a pre-defined security audit claiming the skill is safe. This is a self-referential attempt to influence the results of security scanners and bypass independent analysis.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface through its handling of untrusted input:
  * Ingestion points: User prompts and reference image paths are passed as command-line arguments to scripts/generate_image.py.
  * Boundary markers: No delimiters or warnings are used to separate user-provided content from the script's execution context.
  * Capability inventory: The script can read local files, write to the filesystem, and perform network POST requests.
  * Sanitization: The script lacks validation or sanitization for input prompts and file paths before using them in filesystem and network operations.
Recommendations
- AI detected serious security threats
Audit Metadata