The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill fetches media files and JSON metadata from official Pexels domains (api.pexels.com, images.pexels.com, and videos.pexels.com). These are well-known and expected endpoints for the service.
[COMMAND_EXECUTION]: It utilizes standard shell commands including curl for networking and jq for JSON manipulation. These operations are restricted to the primary purpose of media retrieval and metadata storage.
[DATA_EXPOSURE]: The skill correctly instructs the agent to use the PEXELS_API_KEY environment variable for authentication, which is a secure practice for managing secrets compared to hardcoding.
[INDIRECT_PROMPT_INJECTION]: The skill processes data returned from the Pexels API (such as photographer names and download URLs) and incorporates it into subsequent commands and metadata files. While this represents an ingestion point for external data, the risk is minimal given the source is a well-known service and the data is used for structured metadata generation.

pexels-media