sn-image-base
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill provides a CLI runner (sn_agent_runner.py) that interacts with image generation and AI model APIs. It does not execute arbitrary shell commands or untrusted scripts.
- [EXTERNAL_DOWNLOADS]: The skill downloads generated images from provider URLs (e.g., sensenova.cn) and retrieves packages from standard registries. These operations target well-known and expected services.
- [DATA_EXFILTRATION]: The skill manages API keys via environment variables and .env files, which is a standard and recommended practice. It sends user-provided prompts and images to established AI service providers.
- [PROMPT_INJECTION]: Indirect prompt injection attack surface identified:
  - Ingestion points: Prompts and images are ingested through sn_agent_runner.py.
  - Boundary markers: None identified in prompts passed to the model adapters.
  - Capability inventory: File system write (saving images in sensenova.py) and network communication (API calls in adapter classes).
  - Sanitization: Basic image verification performed using the Pillow library.
- [SAFE]: The skill demonstrates safe coding practices, including image file validation after download and the use of temporary directories for file outputs.
Audit Metadata