The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes subprocess.run to execute ffmpeg, ffprobe, and whisper commands locally. While it uses list-based arguments to mitigate shell injection, these operations interact directly with the local file system and system resources.
[EXTERNAL_DOWNLOADS]: The skill requires the installation of the openai-whisper Python package and the ffmpeg system utility. It also makes network requests to the OpenAI Whisper API (api.openai.com) for transcription services. These are well-known services and expected for the skill's core functionality.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It ingests untrusted transcription data generated from user-provided videos and passes it to an LLM to identify video segments. A malicious transcript could attempt to override the LLM's instructions to influence which parts of the video are kept or removed.
Ingestion points: Reads transcript.json generated from video audio.
Boundary markers: Uses TRANSCRIPT: and TRANSCRIPT SEGMENTS: headers but lacks strict delimiters or instructions to ignore embedded commands.
Capability inventory: Includes file read/write (open, write), file deletion (os.remove), and subprocess execution (ffmpeg).
Sanitization: No explicit sanitization or validation is performed on the text content of the transcript before LLM processing.

video-subtitle-cutter