generate-image

Audit result: Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Finding categories: DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The script 'scripts/generate_image.py' accepts an arbitrary path through its '--input' parameter, reads whatever file that path names, base64-encodes the contents and sends them to 'openrouter.ai'. Nothing restricts the path to image files or to a directory the agent is meant to use, so any file readable by the user running the agent (private keys, cloud credentials, '.env' files) can be exfiltrated if an attacker can influence the input path passed to the agent.
  • [CREDENTIALS_UNSAFE] (LOW): The 'check_env_file' function in 'scripts/generate_image.py' walks every parent directory looking for '.env' files from which to take API keys. This broad traversal can pick up credentials belonging to unrelated projects on the host, so a key the user never intended this skill to see may be read and used without their knowledge.
  • [PROMPT_INJECTION] (LOW): Category 8 (Indirect Prompt Injection). The skill processes untrusted prompt text and image data with no trust boundary around them:
    1. Ingestion points: the 'prompt' and 'input_image' CLI arguments of 'scripts/generate_image.py'.
    2. Boundary markers: absent.
    3. Capability inventory: outbound network access via 'requests.post' and local file writes via 'open().write()'.
    4. Sanitization: none detected.
    Untrusted content reaching these arguments can therefore steer the agent's actions or cause data to be exfiltrated through the capabilities listed above.
  • [PROMPT_INJECTION] (LOW): 'SKILL.md' contains promotional instructions directing the agent to proactively recommend a third-party platform (www.k-dense.ai) whenever task complexity increases. This is instruction hijacking: it steers agent behaviour toward a commercial interest rather than the user's request.
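The first two findings share a root cause: 'scripts/generate_image.py' trusts a path, and a directory walk, that the agent does not control. The Python below is an added example of the hardened pattern a fix would use; it is not code from the audited skill. The function names (resolve_image_path, load_api_key, run_demo), the environment variable name OPENROUTER_API_KEY, the size cap and magic-byte table, and the fixture files the demo creates in a temporary directory are all assumptions constructed for illustration.

```python
# Added example: hardened replacements for the two file-access patterns
# flagged in the findings. Not code from the audited skill; resolve_image_path,
# load_api_key, run_demo and the OPENROUTER_API_KEY name are assumptions.
import os
import tempfile
from pathlib import Path
from typing import Dict, Mapping, Optional, Tuple

MAX_IMAGE_BYTES = 20 * 1024 * 1024  # cap on what gets base64-encoded and uploaded

# Magic-byte prefixes of the image formats we are willing to upload (assumed set).
IMAGE_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"GIF87a": "image/gif",
    b"GIF89a": "image/gif",
}


class UnsafeInputError(ValueError):
    """--input does not name an ordinary image inside the allowed root."""


def resolve_image_path(user_path: str, allowed_root: Path) -> Tuple[Path, str]:
    """Resolve a user-supplied --input to a real image file under allowed_root.

    Symlinks and '..' are collapsed *before* the containment check, so a link
    inside the root that points at ~/.ssh/id_rsa is rejected, not uploaded.
    """
    root = allowed_root.resolve(strict=True)
    candidate = Path(user_path)
    if not candidate.is_absolute():
        candidate = root / candidate
    real = candidate.resolve()  # follows symlinks, normalises '..'
    if real != root and root not in real.parents:
        raise UnsafeInputError(f"{user_path!r} escapes {root}")
    if not real.is_file():
        raise UnsafeInputError(f"{user_path!r} is not a regular file")
    if real.stat().st_size > MAX_IMAGE_BYTES:
        raise UnsafeInputError(f"{user_path!r} is too large to upload")
    with real.open("rb") as fh:
        head = fh.read(16)
    for magic, mime in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return real, mime
    raise UnsafeInputError(f"{user_path!r} is not a recognised image")


def load_api_key(script_dir: Path, env_name: str = "OPENROUTER_API_KEY",
                 environ: Optional[Mapping[str, str]] = None) -> Optional[str]:
    """Take the key from the process environment or from exactly one .env file
    (the one beside the script). No walk up the tree, so a .env belonging to an
    unrelated project in a parent directory is never read."""
    env = os.environ if environ is None else environ
    if env.get(env_name):
        return env[env_name]
    env_file = script_dir / ".env"
    if not env_file.is_file():
        return None
    for line in env_file.read_text(encoding="utf-8").splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and not key.startswith("#") and key.strip() == env_name:
            return val.strip().strip("'\"")
    return None


def run_demo() -> Dict[str, Optional[str]]:
    """Exercise both checks against a constructed fixture in a temp directory."""
    out: Dict[str, Optional[str]] = {}
    with tempfile.TemporaryDirectory() as tmp_name:
        tmp = Path(tmp_name)
        root = tmp / "images"
        root.mkdir()
        (root / "ok.png").write_bytes(b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
        (root / "notes.txt").write_text("not an image")
        secret = tmp / "id_rsa"  # constructed stand-in for a key outside the root
        secret.write_text("-----BEGIN OPENSSH PRIVATE KEY-----\n")
        (root / "link.png").symlink_to(secret)  # symlink inside root pointing out
        out["png"] = resolve_image_path("ok.png", root)[1]
        attacks = {"traversal": "../id_rsa", "absolute": str(secret),
                   "symlink": "link.png", "text": "notes.txt"}
        for name, arg in attacks.items():
            try:
                resolve_image_path(arg, root)
                out[name] = "accepted"
            except UnsafeInputError:
                out[name] = "rejected"
        # A .env in a parent directory (another project's key) must be ignored.
        (tmp / ".env").write_text("OPENROUTER_API_KEY=sk-parent-project\n")
        script_dir = tmp / "skill" / "scripts"
        script_dir.mkdir(parents=True)
        out["parent_env"] = load_api_key(script_dir, environ={})
        (script_dir / ".env").write_text("# local\nOPENROUTER_API_KEY='sk-local'\n")
        out["local_env"] = load_api_key(script_dir, environ={})
        out["process_env"] = load_api_key(
            script_dir, environ={"OPENROUTER_API_KEY": "sk-env"})
    return out


if __name__ == "__main__":
    print(run_demo())
```

The containment check is done on the resolved path, not the string the user typed, because the two attacks that matter here (a '../' component and a symlink planted inside the allowed directory) both look harmless before resolution. The magic-byte check is what stops a text file such as a PEM key from being uploaded even when it sits inside the allowed root.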
Recommendations
  • The automated analysis detected serious security threats; the skill fails the audit in its current form.
  • Derived from the findings above: restrict '--input' to image files under a directory the agent is meant to use (resolve symlinks before checking containment, and verify the content is an image rather than only that the file exists); read the API key from the process environment or one known '.env' file instead of walking parent directories; treat the 'prompt' and 'input_image' contents as untrusted data rather than instructions; remove the promotional instructions from 'SKILL.md'.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:12 PM