The Agent Skills Directory

[COMMAND_EXECUTION] (MEDIUM): The SKILL.md workflow instructs the agent to execute shell commands (Step 2 and Step 5) using variables derived from user input ({style}, {brand}, {description}, etc.). If the agent performs literal string interpolation without sanitization, an attacker could provide input containing shell metacharacters (e.g., ;, &, |) to execute arbitrary commands on the underlying system.\n
Evidence: python3 <nanobanana_skill_dir>/scripts/batch_generate.py "{style} banner for {brand}, {description}, {text elements}" in SKILL.md.\n- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill has a hard dependency on the nanobanana skill for core image generation. Because this dependency is a local path reference to an external skill not included in this audit, its safety and behavior are unverifiable.\n
Evidence: Required Skills: nanobanana and repeated references to <nanobanana_skill_dir> in SKILL.md.\n- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection vulnerability surface.\n
Ingestion points: SKILL.md Step 1 (Purpose, Target ratio, Style preference, Content elements, Color preferences).\n
Boundary markers: None. The instructions do not use delimiters or specify that the agent should ignore instructions embedded in user-provided style descriptions.\n
Capability inventory: File system access (.skill-archive), subprocess execution via python3, and network operations (implied via the nanobanana API calls).\n
Sanitization: No sanitization or validation logic is defined for user input before it is interpolated into generation prompts.

banner-creator