NYC

gemini-imagegen

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill handles untrusted data, which presents a surface for indirect prompt injection.
      • Ingestion points: Processes user-provided text prompts and external image files (Image.open("input.png")) as shown in the examples in SKILL.md.
      • Boundary markers: No explicit instructions or delimiters are provided in the code samples to prevent the model from obeying instructions embedded within the input images or prompts.
      • Capability inventory: The skill utilizes generate_content and can optionally enable google_search grounding, which could be influenced by injected instructions.
      • Sanitization: No input validation or sanitization of prompts or image content is implemented.
  • [DATA_EXPOSURE] (SAFE): The skill follows security best practices by recommending the use of an environment variable (GEMINI_API_KEY) for authentication rather than hardcoding secrets.
  • [COMMAND_EXECUTION] (SAFE): Documentation includes a diagnostic bash command (file image.png) for the user to verify file formats, but the skill itself does not contain logic to execute arbitrary shell commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:27 PM