The Agent Skills Directory

Command Execution (LOW): The documentation in rules/uploads.md directs the agent to execute a curl shell command to perform file uploads. Providing direct shell command instructions increases the attack surface as it bypasses higher-level API abstractions. \n- Data Exfiltration (LOW): The provided curl command uses the --data-binary @image.png syntax. If an attacker can influence the agent to replace image.png with a sensitive file path (e.g., ~/.ssh/id_rsa), the command would exfiltrate that file to the specified Vercel Blob storage. \n- External Downloads (LOW): The skill communicates with stablestudio.io, which is an external domain not listed in the trusted sources whitelist. Although the site appears to be the legitimate service provider, network operations to non-whitelisted domains are noted for monitoring. \n- Indirect Prompt Injection (LOW): The skill processes data from stablestudio.io and vercel.com (poll results and upload URLs), which could be manipulated by an external actor. \n
Ingestion points: Polling responses from https://stablestudio.io/api/x402/jobs/{jobId} and upload metadata. \n
Boundary markers: No delimiters or 'ignore' instructions are used when processing API responses. \n
Capability inventory: Shell command execution (curl) and network requests (x402.fetch). \n
Sanitization: There is no evidence of validation or sanitization for external content before it is processed by the agent.

media-generation