nano-banana-builder
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (MEDIUM): Indirect Prompt Injection Surface.
  - Ingestion points: Untrusted user input enters the system via the prompt parameter in the generateImage server action in SKILL.md and references/configuration.md.
  - Boundary markers: Absent. User input is concatenated directly into the model request without delimiters or 'ignore' instructions to prevent instruction override.
  - Capability inventory: The skill possesses capabilities to make external API calls via generateText and write data to persistent storage using @vercel/blob (put) and @aws-sdk/client-s3 (PutObjectCommand).
  - Sanitization: Absent. There is no logic provided to sanitize or validate user input before it reaches the AI model.
- PROMPT_INJECTION (MEDIUM): Misleading Metadata. The skill references fictional model strings such as gemini-2.5-flash-image and gemini-3-pro-image-preview. While not explicitly malicious, providing hallucinated technical specifications can lead to operational failure or unintended agent behavior when the agent attempts to use these invalid identifiers.
Audit Metadata