bilibili-cli

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run in bili_cli/auth.py to execute a Python script that retrieves browser cookies. This script is generated from a hardcoded template and executed using the current Python interpreter.
  • [PROMPT_INJECTION]: The skill processes untrusted data from the Bilibili platform, creating a surface for indirect prompt injection.
      • Ingestion points: Video metadata (titles, descriptions), user-provided subtitles, and comments are fetched via bili_cli/client.py and returned to the agent.
      • Boundary markers: Output is structured using YAML and JSON envelopes, which provide delimiters but do not explicitly instruct the agent to ignore instructions within the data.
      • Capability inventory: The skill is capable of file system writes (credential storage and audio segmenting), network communication with Bilibili's API, and subprocess execution for authentication.
      • Sanitization: Metadata undergoes basic HTML tag removal using _strip_html in bili_cli/payloads.py, but the skill does not filter or sanitize natural language content for malicious instructions.
  • [CREDENTIALS_UNSAFE]: The skill extracts sensitive authentication tokens (SESSDATA) from local browser databases (Chrome, Firefox, Edge, Brave) and stores them in ~/.bilibili-cli/credential.json with owner-only permissions (0600).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 02:59 PM