infographic

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs shell commands using output from external tools, notably in Phase 5.4 where it copies files using a filename returned by the image generation tool. This presents a command injection surface if the tool returns a malicious filename. It also uses the source command to load a .env file, which executes its contents in the shell.
  • [CREDENTIALS_UNSAFE]: The skill prompts the user for a GEMINI_API_KEY and saves it to a .env file in the project root. Storing secrets in plain text on the local filesystem increases the risk of credential exposure, despite attempts to update .gitignore.
  • [EXTERNAL_DOWNLOADS]: The skill depends on the nano-banana-mcp server. Troubleshooting steps suggest it may be downloaded via npx from the NPM registry if not locally available.
  • [PROMPT_INJECTION]: The skill processes user content to generate infographic concepts which are then interpolated into prompts for image generation. This represents an indirect prompt injection surface.
      • Ingestion points: User content is read in Phase 1.1 of SKILL.md.
      • Boundary markers: No boundary markers are used in prompt construction.
      • Capability inventory: Uses generate_image and edit_image tools.
      • Sanitization: No sanitization is performed on user input before interpolation into prompts.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 1, 2026, 03:28 PM