virtual-singer-mv-script

Pass

Audited by Gen Agent Trust Hub on May 21, 2026

Risk Level: SAFE
Full Analysis
  • [DATA_EXPOSURE]: Several example files (e.g., examples/sakura_mv_final.json, examples/yutin_mv_final.json, and examples/sakura_mv_final.md) contain hardcoded absolute file paths pointing to a specific user's home directory (e.g., /home/aa/.openclaw/...). While not a critical vulnerability, this practice reveals information about the author's local directory structure and environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external input (lyrics and audio) to dynamically generate visual prompts for third-party AI video and image models via scene-assigner.py and model-selector.py. This represents a potential indirect prompt injection surface where carefully crafted lyrics could attempt to influence the behavior of downstream generative models.
      • Ingestion points: Lyrics text and audio file metadata are ingested via scripts/lyrics-parser.py and scripts/audio-analyzer.py.
      • Boundary markers: The skill does not employ explicit boundary markers or instructions for the agent to ignore embedded commands within the lyrics.
      • Capability inventory: The skill uses local Python scripts to perform file operations and generate prompt strings; it does not directly execute remote commands but recommends model providers (e.g., Kling, Sora).
      • Sanitization: There is no evidence of sanitization or filtering for the lyric content before it is interpolated into the visual_prompt fields.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 21, 2026, 01:49 AM