image-gen-blockeden-gemini

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The instructions in SKILL.md direct the agent to execute a shell command where the user's input is directly interpolated: python <skill_dir>/scripts/generate_image.py "<prompt>". This pattern is highly susceptible to command injection if the user provides a prompt containing shell metacharacters like semicolons, backticks, or pipes.
  • [COMMAND_EXECUTION]: The SKILL.md file instructs the agent to download images from user-provided URLs using curl -L -o /tmp/ref_image.jpg "<url>". This creates a secondary command injection vector if the URL is not strictly validated or sanitized before execution.
  • [DATA_EXFILTRATION]: The skill is designed to read local files and upload their base64-encoded content to an external API (api.blockeden.xyz). An attacker could manipulate the agent into reading and exfiltrating sensitive local configuration files or credentials by masquerading them as image files for processing.
  • [CREDENTIALS_UNSAFE]: The scripts/utils.py script constructs API request URLs by embedding the BLOCKEDEN_ACCESS_KEY directly into the URL path: https://api.blockeden.xyz/gemini/{api_key}. This practice can lead to the exposure of the secret key in server access logs, proxy logs, or network monitoring tools.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 11:56 AM