vertex-ai-media-master

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill configuration in "SKILL.md" requests broad "Bash(general:)" and "Bash(util:)" tool permissions, allowing the agent to execute arbitrary commands on the host environment. The "scripts/README.md" file further indicates that scripts within the skill directory are intended for execution during skill activation.
  • [PROMPT_INJECTION]: The skill's primary function is processing multimodal media (video, audio, images), which introduces a surface for Indirect Prompt Injection.
      1. Ingestion points: Media processed via Vertex AI generative models as described in "references/core-capabilities.md".
      2. Boundary markers: Absent; there are no instructions provided to the agent or the underlying models to ignore potential commands embedded within processed media content.
      3. Capability inventory: The skill has high-privilege tool access including unrestricted shell execution ("Bash(general:*)") and extensive file system operations ("Read", "Write", "Edit").
      4. Sanitization: Absent; media inputs are passed to generative models without pre-processing, validation, or filtering for malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 01:01 AM