beat-sync-video-editing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [Indirect Prompt Injection] (HIGH): The skill's architecture creates a significant attack surface by processing external, untrusted content through an AI model that directly influences command execution.
    1. Ingestion points: Data enters through user prompts and media file analysis in gemini-edit-plan.sh.
    2. Boundary markers: No delimiters or instructions are used to prevent the AI from obeying malicious commands embedded in the input media or user prompt.
    3. Capability inventory: The skill possesses the ability to execute shell scripts and launch ffmpeg with arbitrary filter graphs.
    4. Sanitization: There is no evidence of validation or sanitization for the Gemini-generated EditPlan before it is used to construct terminal commands.
  • [Command Execution] (HIGH): The skill runs ffmpeg using a -filter_complex string derived from AI output. Maliciously crafted inputs could trick the AI into generating dangerous filter sequences (e.g., using the movie or subtitles filters) to read sensitive local files like /etc/passwd or private keys.
  • [External Downloads] (LOW): The skill uses curl to interact with the Gemini API. While the target is a trusted source, this is categorized as LOW per [TRUST-SCOPE-RULE] because the network behavior is required for its stated purpose, although it serves as the vector for untrusted data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 06:10 AM