The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill specifies the installation of the 'sharp' package (v0.34.5) via npm. Sharp is a well-known and widely-trusted library for high-performance image processing. This dependency is considered standard for the skill's stated purpose.
[DATA_EXFILTRATION]: The Next.js API route example demonstrates an Indirect Prompt Injection surface where untrusted data (a URL) is passed directly to a network operation, creating a potential Server-Side Request Forgery (SSRF) vulnerability.
Ingestion points: SKILL.md (Next.js route example takes url from query parameters).
Boundary markers: Absent in the example code.
Capability inventory: The skill demonstrates network fetching (fetch) and file system operations (toFile, toBuffer) across SKILL.md and README.md.
Sanitization: No validation or sanitization of the input URL is present in the specific example provided.
[COMMAND_EXECUTION]: Provides standard instructions for library installation using package managers such as npm. This is expected behavior for a developer-centric image processing skill.

sharp