baoyu-image-gen
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill processes untrusted input through the --prompt and --promptfiles arguments, which are then passed to external AI APIs.
  * Ingestion points: User-provided text strings and contents of local files via --promptfiles.
  * Boundary markers: None identified; instructions do not specify delimitation of untrusted content.
  * Capability inventory: Network access for API calls and file system write access for saving generated images.
  * Sanitization: No evidence of input validation or prompt escaping to prevent instructions from overriding agent behavior.
- [Command Execution] (MEDIUM): The skill executes shell commands to check for file existence (test -f) and runs a local TypeScript script (main.ts) using the bun runtime.
- [Data Exposure] (MEDIUM): Accesses sensitive configuration files including .env and $HOME/.baoyu-skills/.env to load API credentials. While standard for functionality, the ingestion of arbitrary file contents via --promptfiles could be used to exfiltrate these secrets if the model is successfully injected.
- [External Downloads] (LOW): Uses 'npx -y bun' which may download the bun runtime from npm registries if not present locally.
Recommendations
- AI detected serious security threats
Audit Metadata