The Agent Skills Directory

[SAFE]: The skill implementation follows security best practices and does not contain malicious patterns or vulnerabilities.\n- Credential Handling: The skill securely manages API keys by requesting them from the user at runtime during the session, rather than requiring hardcoded or persistent secrets.\n- Input Sanitization: The scripts/build_preview.js script includes an escapeHtml function that sanitizes all data before it is interpolated into the HTML preview template, effectively neutralizing potential Cross-Site Scripting (XSS) risks from user prompts or API responses.\n- File System Safety: In scripts/download_images.js, the skill uses a sanitizeSegment function to clean image identifiers and filenames, preventing path traversal attacks and ensuring that only safe file paths are used when saving generated images locally.\n- Supply Chain Security: The scripts rely exclusively on built-in Node.js modules (such as fs, path, and the global fetch API) rather than external npm packages, significantly reducing the attack surface for supply chain exploits.

bulkgen