The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's primary workflow involves generating and executing Python scripts (e.g., 'python3 .py') and using shell-invoked Python commands for image metadata extraction (e.g., 'python3 -c "from PIL import Image..."'). This capability is inherent to its functionality but presents a risk if generated code is not carefully reviewed.
[DATA_EXFILTRATION]: The script 'scripts/classwise_iou_table.py' contains a hardcoded absolute path ('/Users/bytedance/gitcode/paper_experiment_plot_skills/repro/classwise_iou_repro.png') that reveals internal user directory structures and environment details. While this is likely leftover author configuration, it demonstrates poor handling of local environment data.
[COMMAND_EXECUTION]: The skill references files in parent directories (e.g., '../plot-from-data/' and '../originals/'), indicating that the execution environment is expected to have broad read access across the filesystem, which increases the potential impact of path traversal or unauthorized data access.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted user-uploaded images to derive layout and style instructions. 1. Ingestion points: User-provided images and screenshots processed by Python scripts. 2. Boundary markers: None identified; instructions do not specify delimiters to separate image analysis results from system instructions. 3. Capability inventory: Subprocess execution via 'python3', filesystem write access via 'fig.savefig()', and read access via 'PIL.Image.open()'. 4. Sanitization: No validation or sanitization of image metadata or derived data is performed before being used in script generation.

plot-from-image