The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructions require the agent to execute terminal commands such as curl or wget to save images locally.
[EXTERNAL_DOWNLOADS]: The skill downloads content from external S3 URLs (a well-known service) to the local directory /Users/mac/Public/images/.
[PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where user-supplied image prompts are used to construct filenames for shell commands.
Ingestion points: The image prompt parameter provided by the user.
Boundary markers: No delimiters or warnings are provided to prevent the agent from including shell metacharacters in the filename.
Capability inventory: The workflow utilizes shell command execution (curl/wget) and file system write access.
Sanitization: The skill lacks instructions to escape or sanitize characters in the kebab-case filename derived from user input, which could be exploited for command injection.

nano-banana-image-generator