video-frames

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/frame.sh assembles shell commands by interpolating variables ($in, $out, $time, and $index) into calls to ffmpeg and mkdir. These variables are not sanitized for shell metacharacters. If a user-provided parameter (like a file path or frame index) contains a double-quote character, it can be used to escape the command and execute arbitrary shell instructions.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md metadata specifies an installation step that uses the Homebrew package manager (brew install ffmpeg) to download and install the ffmpeg binary. While Homebrew and ffmpeg are well-known and generally trusted, this represents a dependency on external code executed on the host system.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 18, 2026, 12:42 PM