helios-renderer

Warn

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill configuration allows for the specification of ffmpegPath and executablePath for the browser, which can lead to the execution of arbitrary binaries if these paths are not strictly controlled. The inclusion of an args array for Playwright launch options further increases the risk of command-line argument injection.
  • [PROMPT_INJECTION]: The render method processes external content via a compositionUrl, creating an indirect prompt injection surface.
      • Ingestion points: External HTML content loaded via compositionUrl into a headless browser.
      • Boundary markers: No delimiters or instructions are used to prevent the agent from following instructions embedded in the composition.
      • Capability inventory: Subprocess spawning (FFmpeg), file system writes (outputPath), and browser-based network access.
      • Sanitization: The skill does not implement validation or sandboxing for the provided URL or its content.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 09:32 AM