The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The shell scripts scripts/remove-background.sh and scripts/batch-remove-background.sh contain logic to automatically install the rmbg-cli package globally using npm install -g rmbg-cli if the command is not found on the system.
[COMMAND_EXECUTION]: Multiple Python scripts (batch_resize.py, media_convert.py, video_optimize.py) and shell scripts execute system commands for media processing. While the Python scripts use the recommended list-based approach for subprocess.run() to mitigate command injection, the automated nature of these tools on user-provided files is a core capability that requires user trust in the input data.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). An attacker could provide maliciously crafted media files designed to exploit vulnerabilities in FFmpeg or ImageMagick (such as the 'ImageTragick' class of vulnerabilities).
Ingestion points: Media files provided as arguments to processing scripts in scripts/.
Boundary markers: The skill does not implement specific boundary markers or 'ignore' instructions for the content of the processed media metadata.
Capability inventory: The skill has extensive capabilities to execute shell commands and write to the file system across all processing scripts.
Sanitization: Scripts rely on standard shell quoting and subprocess list-style arguments, which protect against simple filename-based injection but not against vulnerabilities within the media processing libraries themselves.

media-processing