media-processing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The shell scripts scripts/batch-remove-background.sh and scripts/remove-background.sh contain logic to automatically install the rmbg-cli package globally via npm install -g if the command is not found. This constitutes an unverified runtime download of external code that is subsequently executed.
  • COMMAND_EXECUTION (HIGH): The skill relies heavily on executing system binaries (ffmpeg, magick, rmbg) using subprocess.run in Python and direct shell execution in Bash. While media_convert.py uses list-based arguments (reducing shell injection risk), the Bash scripts pass user-provided paths and arguments directly into shell commands.
  • REMOTE_CODE_EXECUTION (HIGH): The combination of automatic package installation (npm install -g rmbg-cli) and immediate execution of that package's CLI tool allows for remote code execution if the package or the registry were compromised.
  • INDIRECT PROMPT INJECTION (HIGH):
      • Ingestion points: The skill is designed to ingest and process external multimedia files (images, video, audio) provided by users or external sources.
      • Boundary markers: No explicit boundary markers or 'ignore embedded instructions' warnings are used when passing file paths or processing file content.
      • Capability inventory: Extensive capabilities including arbitrary file system reads (finding images), file writing (outputting media), and command execution via subprocess.run and shell scripts.
      • Sanitization: Input paths are used directly; while some validation exists (checking if a directory exists), there is no sanitization against malicious filenames or exploit payloads embedded in media metadata (e.g., Polyglot files or ImageTragick-style exploits).
  • METADATA POISONING (LOW): The SKILL.md and documentation contain instructions that recommend sudo apt-get install, which is a privileged operation. While standard for installation, it should be noted as a capability transition point.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:57 AM