meitu-product-swap
Pass
Audited by Gen Agent Trust Hub on May 5, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the meitu CLI command to perform image editing tasks. This behavior is documented and restricted to the commands specified in the skill's manifest.
- [EXTERNAL_DOWNLOADS]: The skill requires the meitu-cli package, which is downloaded from the standard NPM registry. This is a well-known service and the package is appropriate for the skill's stated purpose.
- [DATA_EXFILTRATION]: The skill reads API credentials from ~/.meitu/credentials.json and system environment variables. This access is necessary for authenticating with the Meitu AI platform and is explicitly declared in the skill's configuration metadata.
- [PROMPT_INJECTION]: The skill manages an indirect prompt injection surface through the following evidence chain:
  1. Ingestion points: User-provided images and instructions are processed in the Execute step of SKILL.md.
  2. Boundary markers: The skill utilizes structured templates in references/prompts.md with explicit PREFIX_INSTRUCTION and SUFFIX_INSTRUCTION markers to isolate user input.
  3. Capability inventory: Subprocess execution of the meitu command is the primary capability (defined in SKILL.md).
  4. Sanitization: No specific sanitization or escaping is performed on the input strings, but the use of rigid instruction blocks mitigates the risk of the agent obeying embedded commands.
Audit Metadata