NYC

generate-image

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Categories: DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (LOW): The script transmits data, including user prompts and base64-encoded images, to the OpenRouter API endpoint (https://openrouter.ai/api/v1/chat/completions). While this is the primary purpose of the skill, the destination is not on the established whitelist for network operations.
  • [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface as it interpolates untrusted user text into API requests.
      1. Ingestion points: 'prompt' and 'input_image' arguments in scripts/generate_image.py.
      2. Boundary markers: Absent; prompts are passed directly to the 'content' field of the message.
      3. Capability inventory: Subprocess calls are absent; capabilities are limited to network requests (requests.post) and local file system access (open).
      4. Sanitization: No input validation or instruction filtering is performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:14 PM