zenmux-image-generation

Pass

Audited by Gen Agent Trust Hub on May 13, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on external, third-party datasets to guide its core logic.
      • Ingestion points: The refresh_references.sh script automatically downloads prompt 'cookbooks' from the YouMind-OpenLab GitHub repository. These Markdown files are then parsed and 'blended' into the agent's prompt generation process.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious directions embedded within these external cookbook files.
      • Capability inventory: The skill scripts (generate_openai.py, generate_gemini.py) can execute shell commands, perform network requests, and read local files.
      • Sanitization: The skill does not validate or sanitize the content of the downloaded cookbooks before using them to influence the agent's behavior.
  • [DATA_EXFILTRATION]: The skill provides a mechanism to read arbitrary local file content and transmit it to external API endpoints.
      • Evidence: The image_common.py script includes a fetch_reference_image function that reads raw bytes from any user-provided local path (including those using ~ expansion) and passes them to the generate_openai.py or generate_gemini.py scripts, which then upload the data to zenmux.ai or openai.com.
      • Risk: If an agent is successfully manipulated via prompt injection, it could be instructed to 'reference' sensitive system files (e.g., SSH keys, environment variables), resulting in their exfiltration as image data.
  • [EXTERNAL_DOWNLOADS]: The skill fetches and updates its internal reference library from several external sources at runtime.
      • Evidence: The refresh_references.sh script downloads content from raw.githubusercontent.com/YouMind-OpenLab/... and developers.openai.com. While the latter is a well-known service, the former is an untrusted third-party repository.
Audit Metadata
Risk Level: SAFE
Analyzed: May 13, 2026, 08:23 AM