The Agent Skills Directory

[SAFE]: The skill handles authentication securely by using the $EACHLABS_API_KEY environment variable in its API examples, avoiding the risk of hardcoded credentials.
[SAFE]: All network operations documented in the skill target the vendor's official domains (sense.eachlabs.run, storage.eachlabs.ai), which are legitimate endpoints for the service provided by eachlabs.
[PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection as it processes user-provided image URLs and text messages. However, there are no malicious instructions present in the provided files.
Ingestion points: The image_urls and message fields in the curl examples within SKILL.md accept external data.
Boundary markers: No specific delimiters or boundary markers are defined to isolate untrusted user input within the API request payloads.
Capability inventory: The skill uses the EachLabs API to generate transformed images, text responses, and manage multi-step workflows.
Sanitization: The documentation does not specify any sanitization or validation logic for the input parameters.

age-transformation