agnes-ai-generation

Pass

Audited by Gen Agent Trust Hub on Jun 1, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: All network activity is restricted to the official Agnes AI API endpoint at apihub.agnes-ai.com. These operations are consistent with the skill's stated purpose of providing content generation capabilities.
  • [SAFE]: The skill implements secure credential handling by retrieving API keys from environment variables (AGNES_API_KEY, AGNES_API_TOKEN, or APIHUB_AGNES_API_KEY). No hardcoded secrets or unsafe storage methods were identified.
  • [SAFE]: The script uses standard Python libraries (urllib, json, argparse) to interact with the API. There is no evidence of dynamic code execution (eval/exec), privilege escalation (sudo), or persistence mechanisms (cron/startup scripts).
  • [PROMPT_INJECTION]: The skill processes user-supplied prompts and image URLs, which are passed to the Agnes AI models. This is a standard surface for indirect prompt injection, where a third-party model might return instructions embedded in its output; however, the skill itself does not execute these outputs as system commands, which mitigates the risk to the local environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 1, 2026, 10:32 AM
Security Audit — agent-trust-hub — agnes-ai-generation