agent-media

Warn

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The workflow files workflows/batch-generate.lobster, workflows/generate.lobster, and workflows/pip-generate.lobster construct shell commands by directly interpolating user-provided arguments such as ${script}, ${scripts}, and ${actor}. Specifically, the batch generation workflow uses a shell loop: for script in $(echo '${scripts}' | jq -r '.[]'); do agent-media ugc "$script" ... done. This pattern is vulnerable to command injection if the input contains shell metacharacters or command substitution sequences, potentially allowing arbitrary code execution in the environment where these workflows are processed.
  • [PROMPT_INJECTION]: The skill instructs the agent to visit external product websites and extract image URLs for use as B-roll (Rule 3 in SKILL.md). This ingestion of untrusted external content represents an indirect prompt injection surface where a malicious site could provide crafted filenames or metadata designed to manipulate command generation.
      ◦ Ingestion points: External websites visited by the agent based on product URLs.
      ◦ Boundary markers: Absent; no instructions are provided to the agent to treat site content as untrusted or to use specific delimiters.
      ◦ Capability inventory: Execution of shell commands via the agent-media CLI tool.
      ◦ Sanitization: No sanitization or validation logic is defined for the content extracted from external sites before it is passed to CLI arguments.
  • [EXTERNAL_DOWNLOADS]: The installation process involves downloading a global NPM package agent-media-cli and using npx to fetch the skill repository. These resources originate from the vendor's official distribution channels.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 20, 2026, 07:06 PM