laniameda-gallery-query

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill runs a TypeScript script via the Bun runtime to facilitate gallery operations.
  • [DATA_EXFILTRATION]: Network requests are made to a user-defined Convex backend URL to query asset metadata and search for content.
  • [EXTERNAL_DOWNLOADS]: The skill downloads images from remote storage URLs provided by the gallery backend and saves them locally.
  • [PROMPT_INJECTION]: The skill processes untrusted promptText from an external database, which the agent is instructed to use in its tasks, creating an indirect prompt injection vector.
      • Ingestion points: promptText and tagNames fetched from Convex backend via convexQuery and convexAction in scripts/query.ts.
      • Boundary markers: No delimiters or protective instructions are used when returning or utilizing the retrieved prompts.
      • Capability inventory: Script has access to network (fetch) and filesystem (writeFile, mkdir) tools.
      • Sanitization: The skill does not validate or sanitize the content retrieved from the remote database.
  • [COMMAND_EXECUTION]: The download action accepts an outDir parameter from the agent which is used in mkdir and join operations without sanitization, potentially allowing directory creation or file writes outside of the intended /tmp location.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 17, 2026, 10:29 AM