The Agent Skills Directory

[REMOTE_CODE_EXECUTION]: The install.sh script installs the pixi package manager by fetching a script from https://pixi.sh/install.sh and piping it directly into bash. While the source is a well-known service, this execution pattern is inherently risky.\n- [EXTERNAL_DOWNLOADS]: The install.sh script uses the GitHub CLI to download a pre-compiled binary for BBDown from the nilaoda/BBDown repository. This binary is an unverified third-party tool that is granted execution permissions and used as a core dependency for the skill's functionality.\n- [COMMAND_EXECUTION]: The skill frequently executes system commands using subprocess.run to call BBDown, ffmpeg, and ffprobe. These commands use arguments derived from external video IDs and URLs, which increases the risk of command injection if not properly sanitized.\n- [CREDENTIALS_UNSAFE]: The skill manages and reads Bilibili session data (SESSDATA) stored in the user's home directory (~/BBDown.data). Accessing these authentication cookies is necessary for its operation but represents a sensitive data access point.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing external subtitle data from B站 (Bilibili) through LLM agents.\n
Ingestion points: External subtitle text is loaded in subtitle_loader.py and passed to the LLM.\n
Boundary markers: The prompts in proofread_agent.py and summarize_agent.py lack delimiters or instructions to ignore potential commands embedded in the subtitle text.\n
Capability inventory: The skill has significant local capabilities, including file system access and the ability to execute shell commands via subprocess.\n
Sanitization: There is no filtering or sanitization of the subtitle content before it is processed by the AI agents.

bilibili-subtitle