baoyu-image-gen

Warn

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses execSync to run curl for API communication in scripts/providers/google.ts when a proxy is configured. The command string is constructed by interpolating environment variables such as https_proxy, which could allow command injection if these variables are controlled by an attacker.
      ◦ Evidence: execSync(`curl -s --connect-timeout 30 --max-time 300 ${proxyArgs} "${url}" -H "Content-Type: application/json" -H "x-goog-api-key: ${apiKey}" -d @-`, ...) in scripts/providers/google.ts.
  • [EXTERNAL_DOWNLOADS]: The skill makes legitimate network requests to official endpoints for Google Gemini, OpenAI, Alibaba DashScope, and Replicate to generate and retrieve images.
  • [DATA_EXFILTRATION]: The skill reads local files provided via command-line arguments and sends their content to external AI provider endpoints.
      ◦ Evidence: readFile is used in main.ts and provider scripts to ingest prompt files and reference images for transmission to remote APIs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from local files and processes it through LLMs and system commands.
      ◦ Ingestion points: scripts/main.ts via the --promptfiles and --ref flags.
      ◦ Boundary markers: Absent.
      ◦ Capability inventory: File reading/writing, network operations, and subprocess execution (execSync).
      ◦ Sanitization: Absent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 9, 2026, 07:28 PM