The Agent Skills Directory

[SAFE]: The skill provides documentation for interacting with EachLabs' generative media API. All network operations are directed to the vendor's official domain (sense.eachlabs.run).- [DATA_EXFILTRATION]: The skill transmits user-provided text prompts and external image URLs to the EachLabs API for processing. This is the intended functionality for the tool and is clearly documented.- [CREDENTIALS_UNSAFE]: The skill requires an API key for authentication but correctly advises users to provide this via an environment variable (EACHLABS_API_KEY) rather than hardcoding it into scripts or instructions.- [PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection via the 'web_search' feature and 'image_urls' parameter, which ingest untrusted external data. 1. Ingestion points: message parameter, image_urls array, and web search results. 2. Boundary markers: None identified in the provided documentation for isolating external content. 3. Capability inventory: Web search, media generation, and tool calls. 4. Sanitization: Not explicitly addressed in the skill files.

each-sense