acestep-thumbnail

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements strong security practices for handling sensitive data. The scripts/acestep-thumbnail.sh script specifically prevents the direct printing or extraction of the API key via the config --get command and automatically masks it during configuration listings. Instructions explicitly warn against reading or displaying the key content.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with generativelanguage.googleapis.com, which is an official, well-known service endpoint for Google Gemini. This is standard, expected behavior for the skill's primary function of image generation.
  • [COMMAND_EXECUTION]: The skill uses local Bash scripts and standard CLI tools (curl, jq, base64) to manage API requests and file operations. These operations are restricted to the skill's own directory and a designated output folder (acestep_output), following the principle of least privilege.
  • [DATA_EXFILTRATION]: No evidence of unauthorized data transmission was found. Network activity is limited to the official Google API for the purpose of sending image generation prompts and receiving image data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 13, 2026, 01:33 PM