The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill instructs the agent to read ~/.cursor/mcp.json and ~/.claude.json to detect configuration. These files are standard configuration paths for Cursor and Claude desktop applications and typically contain sensitive API keys and secrets for various MCP servers.
[CREDENTIALS_UNSAFE]: In references/troubleshooting.md, the skill provides a Python script that uses json.dumps(cfg) to print the entire configuration of the douyin-mcp server. If the user has followed the setup.md instructions, this output will include the plaintext API keys (DOUYIN_API_KEY or DASHSCOPE_API_KEY) in the agent's response or logs.
[COMMAND_EXECUTION]: The skill relies on executing shell commands via mcporter and uvx. It uses user-provided video links as arguments in these shell calls, which could be exploited if the links are not properly sanitized before being passed to the shell.
[INDIRECT_PROMPT_INJECTION]: The skill has a significant attack surface for indirect prompt injection as it ingests untrusted data from an external source (Douyin).
Ingestion points: Video titles are extracted via the browser tool's snapshot and video transcripts are extracted via douyin-mcp.extract_douyin_text in SKILL.md (Step 2 and 3).
Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing the extracted text.
Capability inventory: The skill has access to shell execution (mcporter), browser automation (browser), and file reading capabilities.
Sanitization: There is no evidence of sanitization or filtering for the video titles or transcripts before they are processed by the agent.
[EXTERNAL_DOWNLOADS]: The skill suggests installing mcporter via NPM and uses uvx to run douyin-mcp-server. These are third-party packages from non-whitelisted sources that are executed with local environment permissions.

douyin-video-analyst