skills/ajoslin/dot/video-understand/Gen Agent Trust Hub

video-understand

Pass

Audited by Gen Agent Trust Hub on Apr 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run with list arguments to interact with system utilities like ffmpeg, ffprobe, and yt-dlp. This approach avoids shell injection vulnerabilities by ensuring that user-supplied paths and URLs are treated as discrete arguments rather than shell commands. A utility function run_command in scripts/setup.py uses shell=True, but this function is not called within the codebase and does not pose a risk.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes yt-dlp to download video content from user-provided URLs (including YouTube and other sources). This is the intended and documented functionality of the skill and uses well-known, established tools.
  • [DATA_EXFILTRATION]: Audio and video data are transmitted to well-known third-party AI services (Google Gemini, OpenAI, OpenRouter, Groq, AssemblyAI, Deepgram) for processing. This behavior is documented and central to the skill's purpose.
  • [CREDENTIALS_UNSAFE]: Security best practices are followed for credential management; users are instructed to use environment variables for API keys rather than hardcoding them within the skill files.
  • [PROMPT_INJECTION]: The skill processes untrusted external media content (video/audio). While it includes instructions for transcription and analysis, it lacks explicit boundary markers or sanitization to prevent potential indirect prompt injection embedded in the processed media. This is an inherent surface for multimodal processing rather than a malicious finding.
  • [DYNAMIC_EXECUTION]: The setup script uses __import__ to dynamically check for the presence of required Python libraries, which is a standard procedure for environment verification and dependency management.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 24, 2026, 01:20 AM