video-edit

Fail

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands directly on the host system, including sudo apt install, which runs software installation with root-level privileges.
  • [COMMAND_EXECUTION]: The method for concatenating videos involves generating a text file using printf "file '%s'\n" ... > list.txt. This pattern is susceptible to command injection and shell breakage if the input filenames are not properly sanitized by the agent before being included in the command string.
  • [COMMAND_EXECUTION]: The concatenation command uses the -safe 0 flag (ffmpeg -f concat -safe 0 -i list.txt), which disables path safety checks in ffmpeg. This allows the tool to access and process files from any location on the system if the input file list is manipulated.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes potentially untrusted filenames and metadata.
      • Ingestion points: Filenames and media metadata in SKILL.md and references/operations.md.
      • Boundary markers: Absent; there are no delimiters or warnings to ignore embedded instructions in processed data.
      • Capability inventory: Local shell command execution and file system read/write access via ffmpeg, ffprobe, printf, and rm.
      • Sanitization: Absent; the skill lacks instructions for validating or escaping inputs before they are used in shell commands.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of ffmpeg through standard package managers like Homebrew and APT, which are recognized as well-known services.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 4, 2026, 11:00 PM