The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill contains a hardcoded Google API key within its documentation and command examples.
Evidence: The key AIzaSyDvvGGRbH4Os3Er0dYi0kE_AzE3_2b_Az8 is explicitly provided in SKILL.md as the value for the --api-key parameter.
[COMMAND_EXECUTION]: The skill instructs the agent to execute a local Python script using subprocess-style commands with arguments derived from untrusted user content.
Evidence: SKILL.md defines a command to run python3 scripts/generate_image.py with the --prompt argument populated by analyzed article content.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted article content to generate prompts for an image generation model without sufficient sanitization.
Ingestion points: Article text provided by the user (current file or path).
Boundary markers: Uses Markdown headers for structure, but lacks specific instructions to ignore malicious directives embedded within the article text.
Capability inventory: Executes local scripts (scripts/generate_image.py), writes files to the local filesystem, and calls external APIs.
Sanitization: No sanitization or escaping of the article content is performed before it is interpolated into the English image prompts.
[DATA_EXPOSURE]: The skill uses hardcoded absolute file paths that expose the author's local system username and directory structure.
Evidence: Multiple references in SKILL.md to the path /Users/ugreen/Documents/obsidian/09image/.

article-batch-illustration