skills/smallnest/goclaw/video-frames/Gen Agent Trust Hub

video-frames

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a shell script (scripts/frame.sh) to execute the ffmpeg binary. The script correctly uses double-quoting for all shell variables (e.g., "$in", "$out", "$time"), which prevents shell command injection from potentially malicious filenames or parameters.
  • [EXTERNAL_DOWNLOADS]: The skill depends on ffmpeg, which is a well-known, industry-standard open-source tool. The installation guidance uses brew, a trusted package manager, and points to the official project homepage.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes external video files and user-controlled parameters.
      • Ingestion points: Arguments like --time and --index and the input video file path in scripts/frame.sh.
      • Boundary markers: Absent; variables are interpolated directly into the command string.
      • Capability inventory: Execution of ffmpeg commands via the shell.
      • Sanitization: The script performs basic existence checks for the input file but does not implement strict regex validation for the time or index strings, relying on ffmpeg to handle malformed inputs.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 29, 2026, 10:38 PM