The Agent Skills Directory

Prompt Injection (SAFE): The instructions in SKILL.md and metadata do not contain bypass markers, role-play injections, or instructions to ignore safety protocols.\n- Data Exposure & Exfiltration (SAFE): The scripts access only local font directories and user-specified output paths. No access to sensitive credentials, configuration files (~/.aws, etc.), or network-based data exfiltration was detected.\n- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill recommends installing 'Pillow' and system fonts from trusted official repositories. No remote execution patterns (e.g., 'curl | bash') or untrusted package installations were found.\n- Privilege Escalation (SAFE): The README suggests using 'sudo' only for installing system fonts, which is a standard administrative task for CJK support and not an automated escalation exploit.\n- Indirect Prompt Injection (SAFE): The skill ingests user-provided topics to generate content. Evidence Chain: 1. Ingestion: User topic in SKILL.md used by agent to generate card content. 2. Boundary: Content is passed to scripts via bash heredocs. 3. Capability: Scripts write PNG files to disk using PIL.Image.save(). 4. Sanitization: Absent, as content is only rendered as static text in an image.\n- Dynamic Execution (SAFE): No use of dynamic execution functions such as 'eval()', 'exec()', or runtime compilation was found in the provided Python scripts.

card-news-generator-v2