The Agent Skills Directory

[DYNAMIC_EXECUTION]: The skill implements a caching mechanism in references/photo-indexing.md using the Python pickle module. Specifically, the QuickPhotoIndexer.load_cache method uses pickle.load() to deserialize a local file (photo_index.pkl). This is a known unsafe deserialization pattern; if an attacker manages to modify or replace the cache file, it can lead to arbitrary code execution during the indexing process.
[EXTERNAL_DOWNLOADS]: The skill fetches several pre-trained models and configurations from well-known technology providers. In references/perceptual-hashing.md and references/photo-indexing.md, it utilizes the transformers library to download DINOv2 and CLIP models from HuggingFace. In references/content-detection.md, it downloads YOLOv8 weights from Ultralytics. These are documented as standard operations for the skill's machine learning functionality.
[INDIRECT_PROMPT_INJECTION]: The skill processes untrusted image data through various detectors, including OCR via pytesseract in references/content-detection.md. While the current code only uses OCR to calculate text coverage for screenshot detection, the ingestion of arbitrary text from images creates an attack surface where malicious instructions could potentially influence the agent if the text were ever interpolated into a prompt.
Ingestion points: Image files processed by ScreenshotDetector.compute_text_coverage in references/content-detection.md and the indexing pipeline in references/photo-indexing.md.
Boundary markers: None present; the skill treats extracted metadata as trusted for internal scoring logic.
Capability inventory: The skill has access to Bash, Write, and Edit tools, and executes Python scripts that perform file system and image processing operations.
Sanitization: No explicit sanitization of OCR-extracted text is performed before it is used in calculations.

photo-content-recognition-curation-expert