dreamina-upload-image

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (DATA_EXFILTRATION)
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The Python code in SKILL.md implements a file upload workflow that reads local files using open(image_path, 'rb') and sends the binary content to a remote ByteDance endpoint via requests.post. Because there is no logic to verify that the file is an image or that the path is restricted to a safe directory, the skill can be abused to exfiltrate any file the execution environment has permissions to read.
  • [Indirect Prompt Injection] (LOW): The skill provides an exploit surface where untrusted input (the image_path) controls which local data is processed and sent externally.
    • Ingestion points: image_path parameter in the upload_image function.
    • Boundary markers: Absent; there are no delimiters or instructions to prevent the processing of malicious file paths.
    • Capability inventory: Local file system read access (open) and outbound network capabilities (requests).
    • Sanitization: Absent; the code does not perform path normalization, extension checks, or MIME-type validation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:44 PM