skills/xiaotianfotos/skills/tutor/Gen Agent Trust Hub

tutor

Fail

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The files init.py and sample/geometry_proof/render.sh contain instructions to download a shell script from https://astral.sh/uv/install.sh and pipe it directly into the shell (sh). This 'curl | sh' pattern is a significant security risk because it executes unverified remote code. Although astral.sh is the official site for the uv tool, it is not on the whitelisted Trusted External Sources.
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill performs unverified remote code execution during the initialization process to install dependencies. This could be exploited if the remote source or the transit path is compromised.
  • [COMMAND_EXECUTION] (MEDIUM): Several scripts, including init.py, scripts/render.py, and scripts/validate_audio.py, use subprocess.run to execute system commands such as manim, ffmpeg, and ffprobe. While these are functional requirements, they interact directly with the host operating system and filesystem.
  • [DATA_EXFILTRATION] (LOW): The scripts/generate_tts.py script uses the edge-tts library to send text data to Microsoft's servers for speech synthesis. While Microsoft is a known entity, the specific network operation targets a non-whitelisted domain and involves sending user-provided text externally.
  • [PROMPT_INJECTION] (LOW): The skill possesses an indirect prompt injection surface. Ingestion points: audio_list.csv and 分镜.md are parsed at runtime. Boundary markers: absent. Capability inventory: uses subprocess.run to execute manim based on logic derived from the parsed data. Sanitization: there is no significant sanitization of the input text before it is processed or used in terminal output displays.
Recommendations
  • HIGH: Downloads and executes remote code from https://astral.sh/uv/install.sh. DO NOT USE without thorough review.
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 22, 2026, 05:15 PM