renoise-gen

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION]: The script material-ingest.mjs utilizes execSync to execute CLI commands where local file paths are interpolated into the shell string. This pattern is vulnerable to command injection if a filename contains shell metacharacters such as backticks or subshell syntax (e.g., $(command)).
  • [EXTERNAL_DOWNLOADS]: The instructions in SKILL.md suggest using curl to download generated content from URLs provided by the Renoise API. While this is the intended use case for the platform, it constitutes an external download based on remote data.
  • [DATA_EXFILTRATION]: The skill is designed to upload local image and video materials to renoise.ai for processing and analysis. This represents a significant flow of local data to a third-party service, which users should be aware of.
  • [CREDENTIALS_UNSAFE]: The renoise-cli.mjs script implements a loadEnv function that reads .env files from the current directory or the skill directory to retrieve API keys. While a standard practice for development tools, it requires users to ensure their secret files are properly secured.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 27, 2026, 01:39 PM