The Agent Skills Directory

[Privilege Escalation] (HIGH): Several orchestration scripts (e.g., auto_fix_ownership.sh, staging_watchdog.sh) and documentation (e.g., AGENT_SPEC.md, INSTALL.md) utilize sudo commands for changing file ownership, truncating system logs, and installing packages. This grants the skill high-privilege access to the host system.
[Indirect Prompt Injection] (HIGH): The skill possesses a broad ingestion surface for untrusted external data. gps_extraction_skill uses OCR to extract text from video frames, and Audio-Transcriber uses Whisper to transcribe dashcam audio. The extracted text is consolidated into INDEX.csv and Excel reports which are then processed by the agent. No evidence of sanitization or boundary markers was found to prevent malicious instructions embedded in the environment (e.g., a sign or spoken command) from influencing the agent's behavior via these outputs.
[Unverifiable Dependencies & Remote Code Execution] (MEDIUM): PeopleNet/Scripts/run_pipeline.sh executes runtime package installations (apt-get install ffmpeg, pip install onnxruntime-gpu, etc.) inside Docker containers. This dynamic dependency resolution occurs during the skill's operational loop, introducing risks related to package hijacking or supply chain poisoning.
[Dynamic Execution] (MEDIUM): Multiple components (e.g., PeopleNet/Instructions/07-consolidate.md, PeopleNet/Scripts/reaper_loop.sh) utilize Python heredocs (`python3
<<'PY'`) to generate and execute code on the fly for data consolidation and file cleanup. This pattern obscures static analysis of the execution logic.
[Data Exposure] (LOW): The pipeline explicitly manages dashcam footage across local mounts and Google Drive (backup_to_gdrive.sh). While this involves sensitive data (personal travel footage), the destinations appear consistent with the user's documented setup.

dashcam-frame-extraction