skills/changeflowhq/skills/animator/Gen Agent Trust Hub

animator

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (HIGH): The script scripts/record.js is vulnerable to shell command injection. It constructs a command for ffmpeg by joining an array of strings with spaces and then executes it using execSync. The output filename (opts.output) is included in this command without any quoting or escaping, allowing an attacker to execute arbitrary system commands by providing a filename containing shell metacharacters like ;, &, or backticks. Evidence: scripts/record.js lines 125-136.
  • REMOTE_CODE_EXECUTION (HIGH): The command injection vulnerability in the recording logic enables arbitrary code execution on the user's system if the agent is tricked into using a malicious output path.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill is designed to process and render user-provided HTML, CSS, and JavaScript. This creates a surface where untrusted data can influence the agent's behavior or attempt to exploit the browser context.
      • Ingestion points: scripts/record.js loads local HTML files and executes scripts within them using page.evaluate.
      • Boundary markers: None. The skill intentionally executes the provided content to perform animation stepping.
      • Capability inventory: The skill has access to shell execution (ffmpeg) and the filesystem.
      • Sanitization: None. There is no validation of the HTML content or the resulting command-line arguments.
  • PERSISTENCE (MEDIUM): The skill implements a 'Memory' feature in SKILL.md that directs the agent to read and write to ~/.claude/skills/animator/LEARNED.md. This allows malicious instructions or 'learnings' injected during a session to persist and influence the agent's behavior in future tasks.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:34 PM