nano-banana
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's core functionality relies on executing generated Python code via the 'uv run' command. This provides a broad attack surface where an agent could be manipulated into performing unauthorized system operations, such as accessing sensitive files or executing shell commands, under the guise of image processing tasks.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it incorporates untrusted user input directly into dynamically generated Python scripts.
  - Ingestion points: User prompts for image generation and instructions for image editing found in 'SKILL.md' and 'references/guide.md'.
  - Boundary markers: The scripts use shell heredocs ('EOF') to define the script boundaries but lack internal delimiters or sanitization for the user's text within the Python code strings.
  - Capability inventory: Scripts can execute arbitrary Python code, utilize the 'google-genai' library for network-based API calls, and use 'pillow' for local file system read/write operations.
  - Sanitization: No input validation or escaping is performed on the user-provided prompts before interpolation into the script logic.
- [EXTERNAL_DOWNLOADS]: The skill automatically downloads and installs the 'google-genai' and 'pillow' packages using the 'uv' package manager. These are well-known and reputable libraries from trusted sources.