The Agent Skills Directory

[SAFE]: No malicious patterns or security vulnerabilities were identified. The skill follows best practices by using the Python standard library for network requests and subprocess management.
[COMMAND_EXECUTION]: The skill uses subprocess.run to call a local configuration utility (clawdbot) to retrieve API keys. This is a secure method for handling credentials without hardcoding them. The command arguments are static, preventing any risk of shell injection.
[PROMPT_INJECTION]: As an image generation tool, the skill naturally processes user-provided prompts. While it lacks sanitization for these prompts, this is consistent with its primary purpose and does not introduce a security risk to the agent itself.
Ingestion points: The prompt variable in the generate_image method in krea_api.py.
Boundary markers: None; the prompt is embedded directly into a JSON object sent to the Krea.ai API.
Capability inventory: Network communication via urllib.request and local command execution for configuration access.
Sanitization: No input validation or escaping is applied to the prompt string before transmission.

krea-api