upload-post

Warn

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • DATA_EXFILTRATION (MEDIUM): The scripts/upload_video.sh script is vulnerable to local file exfiltration. It utilizes curl -F to handle platform-specific comments without sanitizing the input. Because curl interprets field values starting with the @ or < characters as file paths to be uploaded or read, a malicious payload in the platform-comments argument (e.g., {"instagram": "@/etc/passwd"}) would cause the script to upload sensitive system files to the API endpoint.
  • COMMAND_EXECUTION (LOW): The scripts/upload_video.sh script performs unsafe word splitting. It parses JSON using a python3 one-liner and stores the result in a variable (FIELDS) which is then iterated over without quotes (for field in $FIELDS). This allows a crafted JSON input to inject additional arguments into the curl command, potentially altering its behavior or bypassing intended logic.
  • CREDENTIALS_UNSAFE (LOW): The skill documentation and both included scripts encourage users to provide the API_KEY as a command-line argument. This practice is insecure as command-line arguments are often visible to other users on the same system via process monitoring tools like ps or top.
  • DATA_EXFILTRATION (LOW): The skill presents an Indirect Prompt Injection surface. It ingests untrusted data (titles, descriptions, and comments) and passes them directly to a script with file-read capabilities (curl) without sanitization, boundary markers, or validation of the input content.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 19, 2026, 06:04 AM