skills/openclaw/skills/runware/Gen Agent Trust Hub

runware

Fail

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: HIGH; DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION] (HIGH): The load_image_as_datauri function in scripts/video.py reads local file contents based on user-supplied paths and encodes them as Base64 to be sent to the Runware API.
      • Ingestion points: The images positional argument in cmd_img2vid (scripts/video.py).
      • Boundary markers: None. File paths are used directly to open files.
      • Capability inventory: urllib.request.urlopen (Network POST) and open(path, "rb").read() (Local file read).
      • Sanitization: None. The script only checks if the file exists and uses the extension for MIME type mapping. This allows an attacker to exfiltrate sensitive files (e.g., ~/.aws/credentials, .env) by passing them as 'images' to the tool.
  • [COMMAND_EXECUTION] (LOW): The skill documentation encourages the execution of local Python scripts with various arguments. While the script itself uses argparse correctly and avoids os.system or shell=True for its internal logic, the pattern of executing local scripts based on agent-generated command lines is a standard capability that requires strict supervision of the agent's shell access.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 14, 2026, 06:02 PM