nano-banana-2-image-assets
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, NO_CODE, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill features a 'Trend-Driven Prompt Enrichment' workflow (Step 5) that performs web searches and incorporates the results directly into image generation prompts. It also scans local HTML files (Step 4) to identify image needs. These processes ingest untrusted data from external websites and local project files, creating an indirect prompt injection surface.
  - Ingestion points: Web search results for industry/design trends and local HTML files (e.g., ./public/index.html).
  - Boundary markers: No specific delimiters or 'ignore' instructions are used when interpolating external data into prompts.
  - Capability inventory: The skill executes local Node.js scripts (cli/index.js) and makes network requests to the WaveSpeed API.
  - Sanitization: There is no evidence of sanitization or filtering of web search results or HTML content before they are used to enrich prompts.
- [NO_CODE]: The documentation references and provides commands for 'cli/index.js' and 'landing/server.js', but these files are not included in the skill package. This 'missing code' state means the actual implementation of the asset analysis and image generation logic cannot be verified for security best practices or malicious intent.
- [COMMAND_EXECUTION]: The skill instructions require the agent to execute shell commands (e.g., node cli/index.js generate-images). While these are standard for the described functionality, the use of dynamic inputs (like custom presets) in these commands could be a risk if the inputs are compromised via the indirect injection channels.
Audit Metadata