nano-banana-pro-image-gen
Fail
Audited by Gen Agent Trust Hub on Apr 23, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The instructions in SKILL.md direct the agent to construct and execute shell commands by placing the user's raw, unvalidated input directly into command arguments (e.g., node scripts/generate_image.js -p "{prompt}"). This creates a critical command injection surface where a malicious user could execute arbitrary shell commands on the host system.
- [DATA_EXFILTRATION]: The included scripts (generate_image.js and generate_image.py) are designed to read local files provided via the --input-image argument, convert them to Base64, and send the data to an external API endpoint (api.apiyi.com). An attacker could exploit this by tricking the agent into 'editing' sensitive files (such as SSH keys or configuration files), resulting in their exfiltration to the external proxy service.
- [EXTERNAL_DOWNLOADS]: The skill performs network operations to a third-party domain (apiyi.com) that is not identified as a trusted or well-known service provider. User prompts and file data are transmitted to this external entity, which increases the risk of data exposure.
- [PROMPT_INJECTION]: The instructions explicitly tell the agent to use the user's 'original complete input' as the prompt and to 'avoid self-rewriting'. This behavior ensures that any prompt injection or jailbreak payloads provided by a user are passed directly to the backend processing model without filtering or sanitization.
Recommendations
- AI detected serious security threats
Audit Metadata