The Agent Skills Directory

[DATA_EXFILTRATION] (LOW): The skill transmits local files to a non-whitelisted external domain (img402.dev). Although intended for image hosting, this capability could be exploited to exfiltrate sensitive data if the file path is not strictly validated to be an image. Evidence found in curl commands using the @ syntax to upload local files.
[COMMAND_EXECUTION] (SAFE): The skill uses common system utilities (curl, sips, convert) for their standard purposes. There is no evidence of shell piping to interpreters or execution of untrusted remote content.

image-hosting