The Agent Skills Directory

[COMMAND_EXECUTION]: The skill relies on several shell-based utilities (curl, ffmpeg, yt-dlp, jq) and instructs the agent to build and run commands that include user-provided or API-sourced URLs. If these URLs are not properly escaped by the agent, it could lead to command injection vulnerabilities.
[COMMAND_EXECUTION]: In the environment check step (Step 0.5), the skill instructs the agent to source the user's shell configuration files (~/.zshrc or ~/.bashrc). This is a risky practice as it executes any code or logic present in the user's profile, which could have unintended side effects or compromise the session.
[PROMPT_INJECTION]: The skill processes untrusted metadata from video platforms (titles, descriptions) and transcribed subtitles. This data is eventually passed to the LLM for summarization without sanitization or protective boundary markers (e.g., XML tags), creating a surface for indirect prompt injection.
Ingestion points: Video metadata fetched from TikHub API and transcriptions from Volcengine API in SKILL.md.
Boundary markers: Not present in the final summarization prompt.
Capability inventory: Subprocess execution (ffmpeg, yt-dlp), file system access (/tmp), and network access.
Sanitization: No explicit sanitization of API responses before processing and summarization.
[EXTERNAL_DOWNLOADS]: The skill downloads video and audio binary data from various content delivery networks (TikTok, Xiaohongshu, Bilibili) and interacts with third-party service providers (TikHub and Volcengine/ByteDance) for data processing.

video-to-subtitle-summary