The Agent Skills Directory

[CREDENTIALS_UNSAFE] (HIGH): The script scripts/gemini_gen.py contains a hardcoded CLIENT_SECRET ('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') for Google OAuth. Hardcoding production secrets allows for credential theft and potential abuse of the associated Google Cloud project.
[DATA_EXFILTRATION] (HIGH): The skill accesses a sensitive local file path: ~/Library/Application Support/alma/plugin-storage/antigravity-auth/secrets.json. It extracts refreshToken and projectId from another plugin's private storage. Accessing credentials stored by other applications is a highly suspicious behavior characteristic of credential harvesting.
[COMMAND_EXECUTION] (LOW): The script uses subprocess.run to execute the open command on macOS. While used for the legitimate purpose of displaying the generated image, it interacts with the system shell using a dynamically determined filename.
[INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests untrusted user input (the image prompt) and sends it to an external API. While the output (image bytes) is decoded and saved, the capability tier is LOW as it does not involve executing the returned content as code or using it for high-privilege decisions.

gemini-gen