The Agent Skills Directory

[COMMAND_EXECUTION]: The skill executes numerous system commands via the Bash tool in SKILL.md, including ffmpeg, ffprobe, and node. It heavily relies on external scripts expected to be present at ~/.claude/skills/claude-gif/scripts/ (such as gif_convert.sh, preflight.sh, and gif_frames.py) and a specific Python virtual environment at ~/.video-skill/. Since these scripts are not included in the skill's source, their logic and safety are unverifiable.
[COMMAND_EXECUTION]: In SKILL.md (Mode D), the skill dynamically generates a Node.js script (capture_svg.js) in the /tmp directory using a heredoc and subsequently executes it. This script uses Playwright to render and capture frames from SVG files.
[EXTERNAL_DOWNLOADS]: The skill instructions in SKILL.md suggest using npx playwright install chromium to download and install browser binaries from Microsoft's well-known service, required for SVG-to-GIF conversion.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface and command injection risk through its handling of external files in SKILL.md.
Ingestion points: Reads and processes local media files (videos, images) and SVG files.
Boundary markers: No delimiters or explicit instructions are provided to the agent to treat file content as untrusted data or to ignore embedded instructions.
Capability inventory: The skill has access to powerful tools including Bash, Read, Write, and Edit, enabling file manipulation and arbitrary code execution across its various modes.
Sanitization: User-supplied file paths and names are interpolated directly into shell command strings (e.g., "$(realpath input.svg)") without explicit sanitization or escaping of shell metacharacters, which could lead to command injection if filenames are maliciously crafted.

claude-gif-convert