The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The file jimeng_curl.txt contains hardcoded authorization tokens: 73795a52a17c7ee7e95c213a22135c96 and 0c461c8440a06e796ff904494b6f1f4a. These keys appear in example curl commands used to demonstrate the API functionality.
[EXTERNAL_DOWNLOADS]: The skill requires the user to download external software from non-standard repositories:
GitHub repository: https://github.com/wwwzhouhui/jimeng-mcp-server.git
Docker image: ghcr.io/wwwzhouhui/jimeng-free-api-all:latest
Docker image: wwwzhouhui569/jimeng-free-api-all:latest
While these are associated with the author's infrastructure, they represent a significant external code dependency.
[COMMAND_EXECUTION]: The installation process described in README.md and setup_guide.md requires several high-privilege shell commands, including pip install -r requirements.txt and docker run, which execute arbitrary code from the downloaded sources.
[INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted user-supplied descriptions and external image URLs to generate content.
Ingestion points: User-provided prompt strings and images / file_paths URL arrays in all core tools.
Boundary markers: None identified; instructions are directly interpolated into API requests.
Capability inventory: Performs network requests to external API endpoints (https://jimeng1.duckcloud.fun/v1/...) and returns third-party URLs to the user.
Sanitization: No evidence of input sanitization or output validation for generated URLs or processed prompts.

jimeng_mcp_skill