The Agent Skills Directory

[DATA_EXFILTRATION]: The skill reads API credentials from a local configuration file (config/secrets.md) to authenticate requests. These keys are transmitted to Google's official endpoints or a user-defined proxy, which is necessary for the skill's intended functionality.
[COMMAND_EXECUTION]: The skill uses Bash(curl) to communicate with external image generation APIs. It constructs requests by interpolating user-provided prompts from $ARGUMENTS into shell commands. This creates a surface for indirect prompt injection if the agent does not properly sanitize or escape the input before execution.
Ingestion points: User input enters the skill via the $ARGUMENTS variable in SKILL.md.
Boundary markers: No explicit delimiters or instructions to ignore embedded commands are included in the command templates.
Capability inventory: The skill uses the Read tool for local configuration access and the Bash tool for network communication.
Sanitization: The instructions do not specify explicit sanitization or validation of the $ARGUMENTS content before its use in shell commands.
[EXTERNAL_DOWNLOADS]: The skill interacts with Google's official Generative Language API and potentially user-defined proxy services to generate and retrieve image data.

gemini-image