muapi-jewelry-product-video

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the muapi CLI and curl to execute image and video generation tasks. These commands are used as intended to interact with the service provider's generative AI models.
  • [DATA_EXFILTRATION]: The skill communicates with api.muapi.ai to transmit generation parameters. It utilizes the MUAPI_API_KEY environment variable for authentication, which is a standard and secure practice for providing credentials to CLI-based skills.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its handling of user inputs:
      • Ingestion points: The jewelry_description and surface_description inputs in SKILL.md are provided by the user.
      • Boundary markers: Absent; user inputs are interpolated directly into prompts for the generative models.
      • Capability inventory: The skill's capabilities include executing muapi CLI commands, making network requests via curl, and performing video concatenation using ffmpeg.
      • Sanitization: No explicit sanitization or validation is performed on the user-provided descriptions.
      • Assessment: The security risk is minimal, as the injection impact is confined to the content of the generated media and does not allow for unauthorized access to the host system or sensitive user data.
Audit Metadata
Risk Level: SAFE
Analyzed: May 19, 2026, 02:05 PM