pollinations

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/chat.sh performs unquoted expansion of the $HEADERS variable within a curl command. This creates a shell injection vulnerability if the POLLINATIONS_API_KEY environment variable is manipulated to contain shell metacharacters such as semicolons or command substitutions.
  • [COMMAND_EXECUTION]: The script scripts/tts.sh constructs a JSON request body using string interpolation for the $VOICE and $FORMAT variables before passing the string to jq. This allows for JSON structure injection if these parameters are not strictly validated, although the impact is limited to the API request itself.
  • [DATA_EXFILTRATION]: The skill transmits user-supplied text prompts and optional image/video URLs to the external service gen.pollinations.ai. This is consistent with the skill's stated purpose of providing AI generation capabilities.
  • [PROMPT_INJECTION]: The skill is a surface for indirect prompt injection. Because it retrieves and displays content generated by an external AI service, the agent could potentially be influenced by instructions embedded in the API's responses if those responses are not treated as untrusted data.
      • Ingestion points: API responses from gen.pollinations.ai (captured in scripts/chat.sh and scripts/tts.sh).
      • Boundary markers: None present in the scripts or documentation to distinguish service output from agent instructions.
      • Capability inventory: The agent has access to shell execution (curl, jq, base64) and file system writes.
      • Sanitization: Prompts are URL-encoded in scripts/image.sh and handled via jq --arg in other scripts, but the output returned to the agent is not sanitized.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 31, 2026, 07:33 AM