byted-mediakit-editing

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires shell access to execute mediakit-cli for video and audio processing commands, such as trim-video and concat-audio, as defined in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The documentation in reference/shared.md instructs users to install the @volcengine/mediakit-cli package from the NPM registry to enable the skill's core editing capabilities.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface due to the processing of untrusted external content.
    • Ingestion points: Media resources are retrieved from external URLs provided in parameters like video_url and audio_url, and arbitrary text is processed through the subtitles parameter in reference/add-subtitle-to-video.md.
    • Boundary markers: The skill instructions lack boundary markers or warnings to distinguish between media data and potential embedded instructions.
    • Capability inventory: The skill possesses shell execution capabilities through the mediakit-cli tool (referenced across SKILL.md and all files in the reference/ directory), which could be influenced by malicious content in processed files.
    • Sanitization: There is no evidence of content validation or sanitization for media files or subtitle strings before they are handled by the CLI tool.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 23, 2026, 03:32 PM