The Agent Skills Directory

[EXTERNAL_DOWNLOADS] (LOW): The skill documentation references 'npx remotion', which downloads and executes the Remotion library from the npm registry. While a standard tool, it is not within the defined trusted source scope.\n- [COMMAND_EXECUTION] (MEDIUM): The skill executes multiple local JavaScript files (e.g., scripts/generate-clips.js) via Node.js. These scripts are responsible for handling sensitive API keys and performing network operations to external services like HeyGen, ElevenLabs, and OpenAI.\n- [PROMPT_INJECTION] (MEDIUM): The skill demonstrates an indirect prompt injection surface by ingesting 'clips.json' to drive the video generation pipeline. Ingestion points: The config file 'clips.json' is a direct argument to all execution scripts. Boundary markers: There are no delimited boundaries or instructions to ignore embedded commands in the processed data. Capability inventory: The system performs network-based API calls and executes local logic with access to environment variables. Sanitization: No evidence of input validation or escaping for the JSON-provided narration scripts or configuration values is present.

ai-video-creator