moviepilot-cli

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns or security vulnerabilities were detected in the skill instructions or the accompanying CLI script.
  • [COMMAND_EXECUTION]: The agent interacts with the MoviePilot backend through a dedicated Node.js script (scripts/mp-cli.js). All command invocations are structured and follow predefined workflows for media management.
  • [CREDENTIALS_UNSAFE]: The skill instructions and script manage sensitive API keys and host configuration. Credentials are stored locally in the user's home directory (~/.config/moviepilot_cli/config) using safe practices, including explicit file permission setting (0600) to prevent unauthorized access.
  • [DATA_EXFILTRATION]: Outbound network requests are limited to the user-configured MoviePilot API endpoint for functional requirements. The API key is correctly transmitted via standard HTTP headers (X-API-KEY).
  • [INDIRECT_PROMPT_INJECTION]: The skill processes external media metadata and torrent results. Risk is mitigated by workflows that require user verification of search filters and results before critical actions (like downloading) are performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 11:28 AM