muapi-instagram-post

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied data from the brief and brand_style inputs by interpolating them into image generation and caption prompts. This creates a standard attack surface where malicious input could influence the generated content.
      • Ingestion points: User inputs defined in SKILL.md (brief, brand_style, format).
      • Boundary markers: None present in the prompt templates.
      • Capability inventory: Subprocess calls via muapi CLI and curl network operations (referenced in SKILL.md).
      • Sanitization: No explicit sanitization or validation of the user input is mentioned before interpolation.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the muapi CLI and curl. These operations are intended for authentication (muapi auth configure) and triggering the vendor's image generation services (muapi image generate).
  • [DATA_EXPOSURE]: The skill utilizes the $MUAPI_API_KEY environment variable for authentication. This is a standard and safe method for managing credentials in an agent environment, ensuring keys are not hardcoded or exposed to unauthorized parties.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 02:04 PM