slack-gif-creator
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill handles untrusted external data via user-uploaded images which can serve as an injection vector.
  1. Ingestion points: User-provided image files (e.g., 'file.png') processed via PIL's Image.open().
  2. Boundary markers: Absent; there are no instructions to delimit or ignore instructions that might be embedded in image metadata.
  3. Capability inventory: Python execution (Pillow, imageio, numpy) and file system writes via builder.save().
  4. Sanitization: No validation or sanitization of image metadata or pixel data is described to prevent instruction leakage.
Audit Metadata