game-asset-generator

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The helper script scripts/optimize-glb.mjs uses child_process.execSync to run shell commands like gltf-transform and rm with arguments directly interpolated from command-line parameters. This creates a command injection vulnerability if the agent is manipulated into passing file paths or names containing shell metacharacters (e.g., backticks or semicolons) derived from untrusted user prompts or external asset metadata.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it ingests untrusted data from user prompts and external asset sources (Sketchfab, Poly Haven, etc.) and uses this data in subsequent sensitive operations without sanitization.
      • Ingestion points: User prompts in SKILL.md and external asset metadata from the APIs documented in references/asset-sources.md.
      • Boundary markers: No boundary markers or 'ignore embedded instructions' warnings are present when interpolating prompts into API calls or script arguments.
      • Capability inventory: The skill has access to shell execution via the Bash tool and the scripts/optimize-glb.mjs script, as well as extensive file system read/write capabilities.
      • Sanitization: No evidence of sanitization, escaping, or validation of user-controlled strings before they are used to construct file paths or shell commands.
  • [EXTERNAL_DOWNLOADS]: The skill downloads assets from well-known and recognized technology services including Meshy, fal.ai, World Labs, Sketchfab, Poly Haven, and Poly Pizza. These operations are consistent with the skill's primary purpose and utilize established API patterns.
  • [SAFE]: The skill reads from ~/.env to retrieve API keys. This is considered standard and safe practice for secret management within the context of an agent skill providing access to paid third-party APIs.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 12:34 PM
Security Audit — agent-trust-hub — game-asset-generator