The Agent Skills Directory

[COMMAND_EXECUTION]: The scripts/providers/nano-banana.sh script executes shell commands defined in the NANO_BANANA_COMMAND environment variable. This allows any user or process capable of modifying environment variables to achieve arbitrary code execution on the host system.
[COMMAND_EXECUTION]: The scripts/image-provider.sh script uses unsanitized command-line arguments, specifically --page-name and --shot-id, to build file paths for writing output. This lack of validation enables path traversal, potentially allowing an attacker to write or overwrite files anywhere the agent has permissions.
[EXTERNAL_DOWNLOADS]: The scripts/providers/bloom.sh script downloads files from remote URLs using curl. While these downloads are part of the intended functionality (fetching generated images from a well-known service), the vulnerability in path construction makes this an unsafe operation.
[COMMAND_EXECUTION]: The skill presents an indirect prompt injection surface as it ingests untrusted data via --prompt and --source-url (scripts/image-provider.sh) which is then used in subprocess calls without sanitization or boundary markers (Capability: bash/curl/python3 execution).

page-visuals