The Agent Skills Directory

[Prompt Injection] (SAFE): Analysis of SKILL.md and associated scripts found no attempts to override agent instructions, bypass safety filters, or extract system prompts. Standard instructional prompts are used solely for model guidance.\n- [Data Exposure & Exfiltration] (SAFE): Sensitive data handling is limited to API keys loaded via standard environment variables (scripts/generate.py). No evidence of unauthorized local file access or network exfiltration to non-whitelisted domains was found.\n- [Obfuscation] (SAFE): All source files and documentation are provided in clear text; no Base64 encoding, zero-width characters, homoglyphs, or other obfuscation methods were detected.\n- [Remote Code Execution] (SAFE): Dependencies (google-genai, Pillow, numpy) are from trusted sources. The skill does not perform any remote script fetching, runtime compilation, or dynamic code evaluation of untrusted data.\n- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface as it ingests untrusted user prompts and images (scripts/generate.py). However, its capabilities are restricted to image generation and local file storage, with no downstream execution or high-privilege decision-making based on the processed content. Evidence: 1. Ingestion points: scripts/generate.py (prompt/image input). 2. Boundary markers: Absent. 3. Capability inventory: Cloud API generation and local file writing. 4. Sanitization: Absent.

nano-banana-pro