lovstudio-image-creator

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFE
Categories flagged: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The gen_image.py script automatically installs the Pillow and google-genai packages using the pip package manager during its first execution.
  • [COMMAND_EXECUTION]: The skill uses Python's subprocess module to run pip to install dependencies and to invoke the open command on macOS to display the generated images to the user.
  • [REMOTE_CODE_EXECUTION]: The skill implements a 'Code-Based Rendering' mechanism where the agent generates HTML, CSS, and React code based on user prompts. This code is then loaded into a Playwright browser instance via scripts/render_to_png.py to be rendered as a PNG. This creates a path where dynamically generated code is executed in a browser context.
  • [PROMPT_INJECTION]: The skill acts as an intermediary for user-provided prompts, which are used to generate secondary code (HTML/JS) or instructions for other models. This surface is vulnerable to indirect prompt injection if the user input contains instructions intended to manipulate the agent's behavior during code generation.
      • Ingestion points: The prompt argument in gen_image.py and the instructions for generating HTML in SKILL.md utilize untrusted user input.
      • Boundary markers: The provided scripts do not implement explicit boundary markers or delimiters to separate instructions from user-provided data.
      • Capability inventory: The skill has capabilities for file system writes, network requests (API and headless browser), and shell command execution.
      • Sanitization: There is no evidence of input validation or sanitization being applied to user prompts before they are interpolated into the generation logic.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 7, 2026, 09:43 AM