filmkit-fujifilm-camera

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: HIGH
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The documentation instructs users to execute sudo udevadm control --reload-rules && sudo udevadm trigger on Linux systems. Running commands with elevated privileges (sudo) to modify system hardware rules (udev) poses a high risk if the user does not fully understand the implications of the change or if the rules are malicious.
  • [EXTERNAL_DOWNLOADS]: The skill requires users to download the application source code from an unverified GitHub repository (https://github.com/eggricesoy/filmkit.git). This involves fetching code from a source that is not a well-known service or trusted organization.
  • [REMOTE_CODE_EXECUTION]: After cloning the repository, users are instructed to run npm install and npm run dev. This results in the execution of scripts and the installation of dependencies from an unverified source, which can lead to the execution of malicious code on the user's machine.
  • [DATA_EXFILTRATION]: The skill uses the WebUSB API to communicate directly with Fujifilm cameras via the PTP protocol. This grants the application the capability to read camera properties and transfer raw image files (RAF). While intended for preset management, this level of hardware access could be leveraged to access sensitive data stored on the camera.
  • [PROMPT_INJECTION]: The skill processes external data (presets) via URL parameters or text input. This data is decoded using atob() and parsed with JSON.parse(). This represents an ingestion point for untrusted data that could potentially influence the application's behavior if the data is not properly validated before use.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 23, 2026, 05:15 AM