evolink-image

Pass

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends installing the @evolinkai/evolink-media MCP server from the official NPM registry using npx. This is a vendor-owned resource used to provide the skill's primary functionality.
  • [COMMAND_EXECUTION]: The skill includes a bash script scripts/evolink-image-gen.sh which utilizes curl and jq to communicate with the Evolink API endpoints. Technical review shows the script is securely implemented, using jq --arg to safely encode user-provided text into JSON payloads, which prevents command injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes user-supplied text prompts and image URLs for generation. Evidence Chain:
      1. Ingestion points: User prompts and image URLs accepted via tool parameters and script arguments.
      2. Boundary markers: None present.
      3. Capability inventory: Network access via curl and file upload tools.
      4. Sanitization: The helper script correctly escapes input for the shell, but no specific protection against prompt-based instruction overrides is implemented.
    This represents a standard risk for LLM-based tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 27, 2026, 05:02 PM