
nano-banana-pro

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Indirect Prompt Injection / Command Injection] (HIGH): The skill defines commands that interpolate untrusted user input directly into shell arguments via uv run {baseDir}/scripts/generate_image.py --prompt "{prompt}".
      • Ingestion points: Untrusted data enters the agent context through the --prompt and --filename arguments in the bash command blocks.
      • Boundary markers: Although double quotes are used in examples, there are no explicit instructions for the agent to sanitize or shell-escape metacharacters (e.g., backticks, $(), or semicolons).
      • Capability inventory: The skill can execute sub-processes (uv run) and modify the local filesystem via --filename.
      • Sanitization: No sanitization or validation logic is present in the instruction file.
  • [External Downloads] (LOW): The metadata requests the installation of uv via Homebrew (brew install uv). While Homebrew and uv are reputable tools, this constitutes an external binary dependency that is installed on the host.
  • [Credentials Unsafe] (LOW): The skill requires a GEMINI_API_KEY environment variable. While typical for API-based services, this highlights a dependency on sensitive credential management.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 05:41 AM