gpt-image-2

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements a robust and well-documented workflow for AI-assisted image generation and editing.
    • The logic is partitioned into template selection, prompt rendering, and API execution.
    • All operations are transparent and consistent with the skill's stated purpose of providing a structured image-generation environment.
  • [COMMAND_EXECUTION]: The skill utilizes Node.js scripts to handle communication with image generation APIs.
    • Evidence: scripts/generate.js and scripts/edit.js are used to send structured payloads to remote endpoints.
    • The scripts do not execute arbitrary commands based on untrusted user input; they strictly perform HTTP requests and file I/O operations.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves image binary data from URLs provided by the configured AI gateway.
    • Evidence: The fetchBytesFromUrl function in scripts/shared.js downloads content from the URL returned in the API response.
    • These downloads are confined to the image-generation workflow and default to trusted, well-known AI service domains.
  • [CREDENTIALS_UNSAFE]: The skill manages authentication tokens using standard local environment configuration.
    • Evidence: The loadAmbientEnv function in scripts/shared.js reads keys from .env and ~/.gateway.env files.
    • This approach avoids hardcoding secrets and relies on user-controlled configuration files for credential management.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 08:48 AM