remotion-best-practices
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the agent to install various packages from the '@remotion' ecosystem and 'mediabunny' using package managers. These sources are not included in the provided Trusted GitHub Organizations or Repositories list.
- [COMMAND_EXECUTION] (LOW): Rules files include instructions for executing shell commands (e.g., npx remotion add) to manage dependencies within the development environment.
- [INDIRECT_PROMPT_INJECTION] (MEDIUM): The skill establishes patterns for processing untrusted external data, which is an attack surface for indirect prompt injection. Evidence chain:
  1. Ingestion points: Files rules/calculate-metadata.md, rules/lottie.md, and rules/import-srt-captions.md use fetch() or UrlSource() to ingest data from user-provided URLs or remote domains such as lottiefiles.com.
  2. Boundary markers: None; external data is interpolated directly into component logic.
  3. Capability inventory: Subprocess calls via npx/remotion and network access via fetch() are documented.
  4. Sanitization: No explicit sanitization or validation of the fetched content structure beyond JSON/text parsing.
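The check the evidence chain reports as absent, as an added example that is not code from the audited skill, from Remotion, from Lottie or from this audit: a source allowlist, a size cap and a structural check applied to fetched JSON before anything from it reaches component logic, shown here for the Lottie ingestion point. The function names (allowedSource, validateLottie, parseLottieText, loadLottie), the constants ALLOWED_HOSTS and MAX_BYTES, the host assets.example.com and the sample animation are all assumptions made for the example; the top-level keys checked (v, fr, ip, op, w, h, layers and the per-layer ty) are the documented Lottie fields.

```javascript
// Added example, not code from the audited skill or from Remotion/Lottie.
// Guards remote animation JSON before it is handed to a renderer:
// only an allowlisted HTTPS host, a bounded body, and a fixed set of
// fields with the expected types. Unknown top-level keys are dropped
// rather than passed through to component logic.

// Assumption: a CDN you control. The audit's own finding concerns
// user-supplied URLs and third-party domains; list only what you trust.
const ALLOWED_HOSTS = new Set(["assets.example.com"]);
const MAX_BYTES = 1024 * 1024; // 1 MiB cap on the JSON body (UTF-8 bytes)

function allowedSource(url) {
  let parsed;
  try {
    parsed = new URL(url);
  } catch {
    return false; // not a URL at all
  }
  return parsed.protocol === "https:" && ALLOWED_HOSTS.has(parsed.hostname);
}

// Structural check. Returns a fresh object holding only the fields a
// renderer needs, or null when the shape is not a Lottie animation.
function validateLottie(data) {
  if (data === null || typeof data !== "object" || Array.isArray(data)) return null;
  for (const key of ["fr", "ip", "op", "w", "h"]) {
    if (!Number.isFinite(data[key]) || data[key] < 0) return null;
  }
  // Lottie version string, e.g. "5.7.4": digits and dots only.
  if (typeof data.v !== "string" || !/^\d+(\.\d+)*$/.test(data.v)) return null;
  if (!Array.isArray(data.layers)) return null;
  // Every layer is an object with an integer layer type (ty).
  const layersOk = data.layers.every(
    (layer) => layer !== null && typeof layer === "object" && Number.isInteger(layer.ty)
  );
  if (!layersOk) return null;
  const { v, fr, ip, op, w, h, layers } = data;
  return { v, fr, ip, op, w, h, layers };
}

// Size cap, JSON parse and structural check on a response body.
// Throws rather than returning partial data so a caller cannot
// accidentally render something that failed validation.
function parseLottieText(text) {
  if (new TextEncoder().encode(text).length > MAX_BYTES) {
    throw new Error("animation too large");
  }
  let parsed;
  try {
    parsed = JSON.parse(text);
  } catch {
    throw new Error("response is not JSON");
  }
  const animation = validateLottie(parsed);
  if (animation === null) throw new Error("response is not a Lottie animation");
  return animation;
}

// fetchImpl is injectable so the function can be exercised offline.
async function loadLottie(url, fetchImpl = globalThis.fetch) {
  if (!allowedSource(url)) throw new Error(`source not allowed: ${url}`);
  const res = await fetchImpl(url);
  if (!res.ok) throw new Error(`fetch failed with status ${res.status}`);
  return parseLottieText(await res.text());
}

// Constructed sample for offline runs: a minimal animation plus an extra
// top-level key ("meta") that validateLottie is expected to strip.
const SAMPLE_ANIMATION = {
  v: "5.7.4", fr: 30, ip: 0, op: 60, w: 512, h: 512,
  layers: [{ ty: 4, nm: "shape" }],
  meta: { g: "ignored" },
};

// Constructed stand-in for fetch: serves the bodies in `responses` by URL.
function fakeFetch(responses) {
  return async (url) => {
    const body = responses[url];
    if (body === undefined) return { ok: false, status: 404, text: async () => "" };
    return { ok: true, status: 200, text: async () => body };
  };
}
```

Call loadLottie("https://assets.example.com/intro.json", fakeFetch({ "https://assets.example.com/intro.json": JSON.stringify(SAMPLE_ANIMATION) })) to see the whole path; in production pass no second argument and the global fetch is used. The same pattern (allowlist, cap, parse, validate to a fixed shape) applies to the SRT caption and metadata ingestion points the audit lists, with a parser for that format in place of validateLottie.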
Audit Metadata