NYC

pw-image-generation

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): Hardcoded sensitive credentials were found in multiple files. File config/secrets.md contains a live-looking API key sk-1p6RyJLH3e3TnfMEfN9clcwZru2V513pAIwK8h5fMVUTDnEv. Additionally, scripts/upload-image.ts contains a hardcoded API key for the freeimage.host service within a shell command string.
  • [COMMAND_EXECUTION] (MEDIUM): The scripts merge-to-long-image.ts and upload-image.ts utilize child_process.exec and execSync to run external binaries such as convert (ImageMagick) and curl. While filenames are quoted, the lack of strict input validation on parameters derived from user input or directory listings poses a risk of command injection.
  • [DATA_EXFILTRATION] (MEDIUM): The upload-image.ts script provides a direct mechanism to send local file content to public image hosting providers (sm.ms and freeimage.host). Because the script does not verify the file type or content before uploading, it could be used to exfiltrate sensitive files (like SSH keys or configuration files) if an attacker can control the file path argument.
  • [EXTERNAL_DOWNLOADS] (LOW): scripts/analyze-image.ts downloads data from arbitrary URLs provided via command-line arguments and saves them to the local filesystem without domain restrictions.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8).
      1. Ingestion points: Command-line arguments in analyze-image.ts and upload-image.ts accept untrusted URLs and paths.
      2. Boundary markers: None; external inputs are interpolated directly into operations.
      3. Capability inventory: File system read/write, shell command execution, and external network requests.
      4. Sanitization: No validation or escaping is performed on the data retrieved from external sources before it is processed.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:02 PM