photo-color

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (LOW): The skill exposes an injection surface where user-provided text is interpolated into a system prompt sent to GPT-5.
  • Ingestion points: The user_prompt variable in the analyze_photo_prompt function within references/implementation.md.
  • Boundary markers: The prompt uses simple double-quote delimiters (User prompt: "{user_prompt}") without explicit instructions to the model to ignore embedded commands.
  • Capability inventory: The skill can perform network requests to the OpenRouter API and write files to the disk using the PIL library.
  • Sanitization: Malicious attempts to influence the output are neutralized by the validate_multipliers function, which ensures that regardless of the LLM's response, the final adjustment values remain within a safe, non-destructive range.
  • External Downloads (SAFE): The skill connects to openrouter.ai, which is a legitimate service. No untrusted third-party scripts or executables are downloaded or executed.
  • Command Execution (SAFE): No use of os.system, subprocess, or eval with user-controlled strings was detected. All image processing is handled via the Pillow (PIL) library.
  • Credentials Unsafe (SAFE): The skill requires an OPENROUTER_API_KEY, but no real keys are hardcoded. Placeholders like sk-or-... and your-key-here are used correctly in the documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 17, 2026, 06:23 PM