The Agent Skills Directory

[COMMAND_EXECUTION]: The skill invokes several shell utilities like ffmpeg and nlm CLI using variables for file paths (e.g., "<视频路径>", "<音频文件>", ""). This creates a potential for command injection if filenames or paths contain shell metacharacters. These commands are executed during the Pre-A and Post-A phases defined in SKILL.md.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It ingests untrusted data from external URLs (Pre-B) and video transcriptions (Pre-A) which are then used to generate scripts. The skill lacks boundary markers or sanitization steps before this content is processed. Combined with the agent's capability to execute shell commands and write files, this presents a risk where malicious input could influence system-level actions.\n- [EXTERNAL_DOWNLOADS]: The skill relies on external tools and packages including ffmpeg, whisper-cli, opencli, and notebooklm-mcp-cli. These dependencies are required for core functionality but run with local privileges and originate from various third-party sources.\n- [DATA_EXFILTRATION]: Audio data is transmitted to siliconflow.cn for transcription services. While the skill correctly uses an environment variable ($SILICONFLOW_API_KEY) to manage credentials, the process involves sending local audio files to a remote endpoint, which should be considered when processing sensitive recordings.

laohan-chuangzuo