terry-camsnap

The skill is classified as suspicious due to a shell injection vulnerability in SKILL.md, where user-provided arguments are passed directly into a Bash command string (python3 ... {{ $ARGUMENTS }}). While the stated purpose of taking webcam snapshots is legitimate, the lack of argument sanitization allows for potential command execution. Additionally, the skill interacts with sensitive hardware (webcam) and references an external script (camsnap.py) not provided in the bundle.