Vector Control

The skill is designed to control a local robot via a local API. While the `SKILL.md` instructions are benign and do not contain prompt injection attempts, the `scripts/vector_control.py` script includes risky capabilities. Specifically, it uses `subprocess.run` to execute `ffmpeg` with user-controlled input file paths (`args.file`), and allows writing camera snapshots to arbitrary local paths (`args.out`). Although these capabilities are plausibly needed for the stated purpose (audio conversion, saving snapshots), they represent broad file system access and command execution that could be leveraged by a malicious prompt to the AI agent, even if the skill itself does not explicitly instruct such harmful actions. All network communication is confined to `http://localhost:8080`, indicating no external data exfiltration.