The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The troubleshooting section recommends installing the package @anthropic-ai/gemini-cli via npm. This is highly suspicious as Gemini is a Google AI product, whereas @anthropic-ai is the official scope for Anthropic. Recommending a package that uses a deceptive name to impersonate a well-known service is a major red flag for potential supply-chain attacks.
[COMMAND_EXECUTION]: The skill uses the Bash tool to execute gemini commands where user-provided prompts are interpolated directly into shell arguments (e.g., gemini -p "[최적화된 프롬프트]"). There are no instructions for the agent to sanitize or escape shell metacharacters such as backticks, semicolons, or dollar signs. This creates a clear surface for command injection if an attacker provides a malicious prompt designed to execute arbitrary code.
[PROMPT_INJECTION]: The skill uses authoritative and mandatory language to override the agent's default behavior, stating the skill is "REQUIRED for all image generation requests" and instructing the agent to "ALWAYS use this skill" and "Do NOT attempt to generate images through any other method."
[EXTERNAL_DOWNLOADS]: Suggests brew install gemini. In the Homebrew registry, gemini refers to an unrelated protocol/browser, and its inclusion in an AI image generation skill is misleading and could lead to the installation of unintended software.

nano-banana