baoyu-comic
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- Remote Code Execution (SAFE): The TypeScript script `scripts/merge-to-pdf.ts` is a localized utility for combining images into a PDF using the standard `pdf-lib` library. It does not perform any dangerous operations or execute remote commands.
- Data Exposure & Exfiltration (SAFE): No sensitive file paths, hardcoded credentials, or unauthorized network operations were detected in the skill's references or scripts.
- Obfuscation (SAFE): All skill files are written in clear, human-readable Markdown and TypeScript. No Base64 encoding, zero-width characters, or homoglyph-based evasion techniques are present.
- Indirect Prompt Injection (LOW): The skill has a data ingestion surface that processes user-provided content to generate comic storyboards, which is a potential vector for indirect injection.
  - Ingestion points: User-supplied `content.md` files processed for storyboard generation.
  - Boundary markers: Not explicitly defined in templates, though markdown structural blocks are used.
  - Capability inventory: Includes local file system writes and image generation capabilities.
  - Sanitization: No explicit sanitization or filtering of input content is implemented within the provided templates.
- Prompt Injection (SAFE): The instructions are focused on style and layout constraints (e.g., Ohmsha style rules) and do not contain patterns to bypass safety filters or override the agent's core instructions.
Audit Metadata