The Agent Skills Directory

[DATA_EXFILTRATION]: The skill utilizes the browser-cookie3 library to access and extract sensitive session cookies from Chrome's local database. While this is the intended authentication method to avoid API keys, it involves unauthorized access to browser credentials and session data.
[EXTERNAL_DOWNLOADS]: The install.js script downloads executable Python and Bash scripts (webapi, webapi.py) from the author's GitHub repository (github.com/nicobailon/gemini-multimodal) and saves them to the local skill directory.
[COMMAND_EXECUTION]: The installation process executes shell commands to create Python virtual environments, modify file permissions (chmod 755), and install external dependencies via pip.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It ingests untrusted data from external sources including local files (PDF, MP4, images) via the --file flag and YouTube content via the --youtube flag. In webapi.py, these inputs are interpolated into the prompt without boundary markers or sanitization logic to distinguish data from instructions. The skill's capability to perform network requests and write files (saving generated/edited images) increases the potential impact of such injections.

gemini