sofunny-image

Warn

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a local script scripts/sofunny-image.js using Node.js, providing it with full access to the local file system and network.
  • [DATA_EXFILTRATION]: The script reads files specified via the --input parameter and sends their content (Base64-encoded) to a remote API server. If an attacker directs the agent to read sensitive system files (e.g., SSH keys or configuration files) and points the baseUrl to an external server, the skill effectively functions as a data exfiltration tool.
  • [CREDENTIALS_UNSAFE]: The script is designed to read secrets, specifically the SOFUNNY_API_KEY, from a dedicated configuration file at ~/.sofunny-image.env. While intended for credential management, this pattern exposes local tokens to the agent's execution context.
  • [PROMPT_INJECTION]: The skill accepts arbitrary text prompts and image files which are interpolated into the API request for the Gemini model. Without validation or boundary markers, the skill is vulnerable to indirect prompt injection where malicious instructions could be embedded in the prompt or the metadata of reference images.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 24, 2026, 09:44 AM