DubbingHub

The skill facilitates video translation via an external service (audiox-api-global.luoji.cn). It is classified as suspicious due to a shell injection vulnerability in 'scripts/curl_examples.sh'. The script uses unquoted heredocs to construct JSON payloads, which allows for arbitrary command execution via shell expansion of the 'VIDEO_SOURCE' variable if a user provides a maliciously crafted URL or file path. While the skill's instructions in 'SKILL.md' and 'agents/openai.yaml' align with its stated purpose, the lack of input sanitization in the provided execution script poses a significant security risk.