The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill downloads generated images from remote APIs. To mitigate potential Server-Side Request Forgery (SSRF) attacks, the image_create.py script includes a validation function that verifies IP addresses are not within private or reserved ranges before attempting a download.
[CREDENTIALS_UNSAFE]: The skill requires an IMAGE_MODEL_API_KEY, which it reads from a local .env file (aws.env). This approach follows security best practices for credential management by keeping secrets out of the source code.
[COMMAND_EXECUTION]: The agent is instructed to run specific Python scripts for its workflow. These scripts are limited to their intended functionality (API interaction and file system organization) and do not allow for arbitrary command execution.
[DATA_EXFILTRATION]: Image prompts derived from the article content are sent to the user-configured image API. This is a disclosed and necessary operation for the skill's primary purpose.

aws-wechat-article-images