huashu-xhs-image

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill workflow involves executing several local scripts and system utilities to perform its tasks.
  • Evidence: SKILL.md contains instructions to execute uv run, python3, npx playwright, and the macOS open command for file operations and previews.
  • [CREDENTIALS_UNSAFE]: The skill is designed to retrieve API credentials from a local environment file on the user's filesystem.
  • Evidence: SKILL.md uses grep GEMINI_API_KEY ~/.claude/.env to source credentials for the image generation script.
  • [DATA_EXFILTRATION]: The skill intentionally uploads generated assets to an external image hosting provider.
  • Evidence: Step 5 in SKILL.md describes the use of a local script upload_image.py to send images to ImgBB and return public links.
  • [EXTERNAL_DOWNLOADS]: The skill relies on external tools and APIs that may perform downloads at runtime.
  • Evidence: The use of npx playwright typically involves downloading browser binaries if they are not already cached, and the Python script connects to Google's Gemini API.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it interpolates user-provided text into AI prompts.
  • Ingestion points: User-provided titles, keywords, and themes in SKILL.md Step 1.
  • Boundary markers: Absent; user text is placed directly into the prompt template in Step 3.
  • Capability inventory: The skill can execute subprocesses, perform network requests, and write to the local filesystem.
  • Sanitization: No sanitization or validation of user input is performed before interpolation into the prompt.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 09:38 AM