The Agent Skills Directory

[COMMAND_EXECUTION]: The script 'scripts/gemini_image_gen.py' utilizes 'subprocess.run' to execute the macOS 'security' command. This is used to query the system's Keychain for generic passwords, representing direct interaction with host-level sensitive credential storage.\n- [CREDENTIALS_UNSAFE]: The skill is configured to automatically harvest API keys from multiple sources, including the 'GEMINI_API_KEY' and 'GOOGLE_API_KEY' environment variables and the macOS Keychain. This pattern allows the agent to access and utilize sensitive credentials stored on the host system.\n- [DATA_EXFILTRATION]: The skill transmits the retrieved API keys to an external Google Gemini API endpoint ('generativelanguage.googleapis.com'). While this targets a well-known service, it involves the transmission of sensitive local identifiers to a remote server.\n- [EXTERNAL_DOWNLOADS]: The skill performs automated research by querying PubMed ('pubmed.ncbi.nlm.nih.gov') via web searches to retrieve medical paper metadata and content for slide generation.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from PubMed and user-editable direction files ('lecture-brief.md') without sanitization or protective boundary markers.\n
Ingestion points: External research results from PubMed, user-provided reference files, and the human-editable 'lecture-brief.md' file.\n
Boundary markers: Absent. External content is interpolated directly into agent prompts without delimiters or instructions to ignore embedded malicious content.\n
Capability inventory: The skill can execute shell commands, perform network operations, and create persistent 'scheduled-tasks'.\n
Sanitization: None. There is no evidence of filtering or validation of external content before it is processed by the model.

academic-lectures