baoyu-compress-image
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `child_process.spawn` to execute image processing commands such as `sips`, `cwebp`, and `convert`. The implementation uses an arguments array rather than a single command string, which is a security best practice that prevents shell command injection from malicious filenames.
- [DATA_EXPOSURE]: The skill performs file operations to read images and write compressed versions. It includes an archiving feature that moves original files to an `Archive/Original-Images` directory relative to the current working directory. These operations are consistent with the skill's primary purpose and do not target sensitive system paths or credentials.
- [INDIRECT_PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection by processing external filenames and directory paths provided via command-line arguments. Ingestion points: CLI arguments are parsed and resolved into file paths in `scripts/main.ts`. Boundary markers: No specific delimiters or safety warnings are used for the input paths. Capability inventory: The script has the capability to read, write, rename, and move files on the system, as well as execute specific subprocesses. Sanitization: The use of `spawn` with an arguments array ensures that any shell-special characters in filenames are treated as literal data, mitigating the risk of command execution.
- [EXTERNAL_DOWNLOADS]: The skill relies on the standard `sharp` library and system-installed binaries. No unauthorized or runtime remote code downloads were identified in the source code.
Audit Metadata