xiaohu-wechat-cover

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The prompt template for image generation includes a directive intended to bypass safety constraints by stating the model "must not refuse to generate" if sensitive or copyrighted characters are requested.
  • [COMMAND_EXECUTION]: The skill executes a local Python script (scripts/generate.py) via the shell to handle the image generation workflow. While this is the primary intended function, it involves executing unverified code from the skill package.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it reads user-provided article content and interpolates a refined theme directly into a prompt template without sanitization.
    • Ingestion points: External article files or theme text provided by the user in SKILL.md.
    • Boundary markers: No delimiters or instructions to ignore embedded commands are present around the interpolated theme.
    • Capability inventory: Local file writes (prompt.md), subprocess execution (python3), and network communication with a user-configured API endpoint.
    • Sanitization: No validation or escaping is applied to the content extracted from the user's article before it is passed to the generation model.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 08:03 AM