byted-mediakit-voiceover-editing

Fail

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: HIGH
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The scripts/serve_review_page.py script starts a local HTTP server with a /local-media/ endpoint. This endpoint takes an absolute file path directly from the URL path and serves the file content without any path validation or restriction to the skill's directory. This allows for reading arbitrary sensitive files on the host system (e.g., .env, SSH keys) by providing their absolute paths in the request.
  • [COMMAND_EXECUTION]: Multiple scripts in the skill (scripts/ffmpeg_utils.py, scripts/local_asr.py, scripts/export_server.py) use subprocess.run to execute external binaries like ffmpeg for media processing and task management.
  • [EXTERNAL_DOWNLOADS]: The setup.sh and scripts/pipeline_url_to_asr.py scripts automatically install Python dependencies from the official package registry during setup and execution.
  • [PROMPT_INJECTION]: The skill processes untrusted transcription text derived from user-uploaded audio/video files. The agent is instructed to perform semantic correction on this text, which creates an indirect prompt injection surface where instructions embedded in the source media could influence agent behavior.
    • Ingestion points: step5_asr_raw_*.json (ASR transcription data).
    • Boundary markers: Absent in the instructions provided to the agent for the correction step.
    • Capability inventory: subprocess.run (command execution), requests.post (network API calls).
    • Sanitization: No sanitization or filtering is performed on the transcription text before it is processed by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 4, 2026, 03:14 AM