The Agent Skills Directory

[SAFE]: The skill uses the standard requests and google-genai libraries to interact with Google's Generative Language API. These communications are directed toward well-known, trusted endpoints (generativelanguage.googleapis.com).\n- [SAFE]: Sensitive data handling is restricted to reading and writing local image files as requested by the user. No unauthorized data exfiltration or access to sensitive system paths (like SSH keys or environment configs) was found.\n- [SAFE]: API credentials are handled securely. The documentation and scripts emphasize using environment variables (GEMINI_API_KEY) or command-line arguments, and no hardcoded keys are present in the source code.\n- [INDIRECT_PROMPT_INJECTION]: The skill includes an attack surface for indirect prompt injection as it processes untrusted local image files. This is consistent with the skill's primary purpose as an image editing utility.\n
Ingestion points: Image data is read from the local filesystem in edit_image.py, compose_images.py, and multi_turn_chat.py.\n
Boundary markers: The API requests encapsulate image data in inlineData parts separately from text prompts, providing a structural boundary.\n
Capability inventory: The scripts have capabilities for file system read/write and network egress to Google API endpoints.\n
Sanitization: Image data is converted to Base64 format for transmission. The skill documentation explicitly references Google's built-in safety settings and harm category thresholds, which mitigate risks from malicious content processing.

nano-banana-pro