image-files

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The skill uses curl to perform HTTP requests and echo to check environment variables. These operations are essential for retrieving file metadata and authentication states from the service's backend.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill communicates with images.labnocturne.com to fetch data and a temporary authentication key. As these resources belong to the vendor's infrastructure and are necessary for the skill's primary function, they do not pose an external code execution risk.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes and displays external data, specifically filenames and IDs from the Lab Nocturne API, which creates a potential surface for indirect injection if an attacker-controlled filename contains malicious instructions.
      • Ingestion points: API response body containing file metadata (filenames, IDs) processed in Step 5 of the instructions.
      • Boundary markers: There are no explicit delimiters or warnings to isolate the API-provided data from the agent's instructions.
      • Capability inventory: Shell execution capabilities are available via the curl tool.
      • Sanitization: The skill does not implement validation or escaping for strings returned by the remote API before presenting them.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 07:43 PM