nano-banana-prompting

Pass

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: SAFE

PROMPT_INJECTION

Full Analysis
  • Indirect Prompt Injection (LOW): The skill workflow involves ingesting user-provided 'existing prompts' and 'visual references' to guide the prompt-crafting process. This creates a surface where malicious instructions embedded in user data could influence the agent's behavior.
    * Ingestion points: Step 1 in SKILL.md explicitly gathers user prompts and images.
    * Boundary markers: The skill does not define explicit delimiters or instructions to ignore commands within the user's reference material.
    * Capability inventory: The skill's capabilities are restricted to gathering information via AskUserQuestion and passing the final prompt to the nano-banana skill. It lacks dangerous capabilities like shell access or file system modification.
    * Sanitization: No input sanitization or validation steps are described for the gathered materials.

Audit Metadata
Risk Level: SAFE
Analyzed: Feb 19, 2026, 06:40 PM