qr-code-generator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The script batch_generate.py invokes generate_qr.py using subprocess.check_call with a list of arguments. This approach is secure as it avoids shell evaluation and prevents command injection from the URL or label inputs.
  • [EXTERNAL_DOWNLOADS] (SAFE): The requirements.txt file specifies qrcode and pillow, which are well-known and trusted Python libraries for image processing and QR generation.
  • [DATA_EXPOSURE] (SAFE): Analysis of the Python scripts confirms that no sensitive files (e.g., SSH keys, credentials) are accessed or transmitted. Network activity is limited to the data encoded within the generated QR codes.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill handles untrusted data from CSV files and URLs. It mitigates injection risks through URL validation (checking schemes and netloc) and XML sanitization (EscapeXML function) before embedding text into SVG files. Ingestion points: batch_generate.py (CSV), generate_qr.py (URL/label). Capabilities: Subprocess execution, file system writes. Sanitization: URL parsing and XML entity escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:35 PM