gemini-infographic

Pass

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because user descriptions are directly concatenated into the system prompt sent to the Gemini model in scripts/generate_infographic.mjs.
      • Ingestion points: The --prompt command-line argument accepts arbitrary user text.
      • Boundary markers: No delimiters or safety instructions are used to isolate user input from the rest of the prompt.
      • Capability inventory: The script performs file system operations (creating directories and writing PNG/JPG/WebP files) and makes network calls to the Google Gemini API.
      • Sanitization: No input validation or sanitization is performed on the user-supplied content before it is processed.
  • [COMMAND_EXECUTION]: The generate_infographic.mjs script allows users to specify an output directory and filename via --output and --name parameters. These are used in path.join() without verification, creating a surface for path traversal attacks where a malicious agent could be directed to write files to sensitive system locations.
  • [DATA_EXFILTRATION]: The script accesses a configuration file at ~/.config/gemini/config.json to retrieve API credentials. While this is standard for CLI tools, the access to a sensitive configuration path should be noted as a data exposure surface.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 21, 2026, 04:17 AM