The Agent Skills Directory

[CREDENTIALS_UNSAFE] (HIGH): The script scripts/generate.js programmatically reads the sensitive file /home/ubuntu/.clawdbot/agents/main/agent/auth-profiles.json to extract OAuth access tokens.
[DATA_EXFILTRATION] (HIGH): Extracted OAuth tokens are transmitted to an external endpoint (daily-cloudcode-pa.sandbox.googleapis.com) in the Authorization header. Accessing and transmitting credentials from a global configuration file outside the skill's own directory is a major security risk.
[COMMAND_EXECUTION] (MEDIUM): The script uses spoofed headers, such as X-Goog-Api-Client: google-cloud-sdk vscode_cloudshelleditor/0.1 and specific User-Agent strings, to impersonate authorized development environments and potentially bypass API restrictions.
[PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection because it interpolates the raw prompt argument directly into the API payload without sanitization or boundary markers, which could be exploited if the agent processes untrusted external data.

antigravity-image-gen