video-tool

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (CRITICAL): The automated scan detected a 'curl | sh' execution pattern (https://astral.sh/uv/install.sh | sh). This pattern is inherently dangerous as it executes unverified remote scripts. The domain 'astral.sh' is not included in the trusted source whitelist, necessitating a CRITICAL severity verdict.
  • Indirect Prompt Injection (LOW): The skill has a vulnerability surface for Indirect Prompt Injection (Category 8) when processing untrusted transcript data.
      • Ingestion points: Transcripts are used as input for templates in templates/context-cards.md, templates/description.md, templates/seo-keywords.md, and templates/social-posts.md.
      • Boundary markers: No delimiters or isolation instructions are present to prevent the agent from following commands embedded in transcript content.
      • Capability inventory: The skill uses a 'video-tool' CLI in workflows.md to perform sensitive operations including downloading from URLs, uploading to YouTube/Bunny.net, and audio enhancement via Replicate API.
      • Sanitization: No sanitization of transcript content is performed before interpolation into prompts.
  • Command Execution (MEDIUM): The workflows.md file defines numerous automated shell workflows that execute file system operations, network downloads, and uploads. These commands are executed via a custom CLI ('video-tool'), which represents a significant capability surface.
  • Data Exposure & Exfiltration (LOW): The workflows utilize network operations to domains not on the trusted whitelist (youtube.com, bunny.net). While functionally necessary, this interaction with non-whitelisted sites increases the potential for data exposure if the agent is manipulated via prompt injection.
Recommendations
  • HIGH: Downloads and executes remote code from: https://astral.sh/uv/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 17, 2026, 06:10 PM