edit-video
Warn
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The `transcribe.ts` script extracts audio from video files and uploads it to `https://audio.audetic.link`. This domain is a non-whitelisted third-party service, meaning potentially private user audio data is sent to an external entity for processing.
- [COMMAND_EXECUTION]: The skill uses `Bun.spawn` to execute `ffmpeg` and `ffprobe` commands. Critical parameters, including source and output file paths, are derived from Edit Decision List (EDL) JSON files. If an EDL file is maliciously crafted, it could be used to reference sensitive system files or overwrite data. Specifically, `scripts/lib/ffmpeg.ts` uses the `-safe 0` flag during concatenation, which allows the use of absolute and potentially unsafe file paths.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Malicious instructions can be embedded in a video's audio (e.g., a person speaking commands). These are transcribed into the `-transcript.md` and `-analysis.md` files. Since the agent is instructed to read these files to 'Plan the Edit', it may inadvertently follow instructions embedded in the transcript text.
- [EXTERNAL_DOWNLOADS]: While the skill does not download executable code at runtime, it possesses a hardcoded dependency on an external API (`https://audio.audetic.link`) for its core transcription functionality, creating a data-flow dependency on an untrusted external host.
Audit Metadata