generate-image

Warn

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/generate.ts performs dynamic module loading by computing paths at runtime. It resolves the plugin's root directory by searching environment variables (e.g., GEMSKILLS_ROOT) and local configuration files, then uses import() to load core utilities from these computed paths. Additionally, the skill documentation describes a workflow that involves executing other local scripts via bun run, such as a preview server for browsing art styles.
  • [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8 surface) because it interpolates raw user input into a final prompt sent to external image generation models.
  • Ingestion points: Raw image prompts are accepted as command-line arguments in scripts/generate.ts and SKILL.md.
  • Boundary markers: User input is directly concatenated with style hints and system instructions (e.g., finalPrompt = `${style.promptHints}, ${prompt}`) without any delimiters or specific instructions to the model to ignore embedded commands.
  • Capability inventory: The skill possesses file-write capabilities (saveImage) and makes network requests to Gemini and Replicate APIs.
  • Sanitization: There is no evidence of sanitization, validation, or escaping of the user-provided prompt string before it is used in the final API request.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 20, 2026, 03:22 AM