wan-cover-plus

Warn

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs shell command execution using the subprocess module.
      • Evidence: In scripts/postprocess.py, the _run_command function uses subprocess.run to execute ffmpeg and ffprobe for media processing tasks such as duration probing, audio muxing, and subtitle burning.
      • Context: The binary paths are configurable in config.yaml, and the operations involve paths provided in the task input.
  • [DATA_EXFILTRATION]: The skill reads local file contents and transmits them to an external service.
      • Evidence: In scripts/wan_client.py, the _encode_local_file function reads the bytes of local files specified in the reference_images and reference_videos fields. This data is base64-encoded and sent to the DashScope API at dashscope.aliyuncs.com.
      • Concern: The skill does not restrict the directories from which files can be read, which could allow an attacker to exfiltrate sensitive system files if they can influence the input paths.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from external sources.
      • Evidence: The scripts/wan_client.py script uses requests.get to download generated image and video assets from Alibaba Cloud's API endpoints.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface due to its data processing model.
      • Ingestion points: User-supplied JSON input processed in scripts/generate.py via the --input argument.
      • Boundary markers: No explicit markers or instructions to ignore embedded commands are present in the prompt construction logic.
      • Capability inventory: The skill can read local files, execute shell commands, and make network requests.
      • Sanitization: The scripts/validator.py script verifies that file paths exist on the local system but does not restrict those paths to a safe or whitelisted directory.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 28, 2026, 05:55 PM