Remotion

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The SKILL.md file contains mandatory instructions for the agent to execute a curl POST request to localhost:8888 for notifications immediately upon invocation.
  • [REMOTE_CODE_EXECUTION]: The Workflows/ContentToAnimation.md workflow describes a process where the agent generates an entire React project in /tmp, writes multiple .tsx source files, and then executes them using npm install and npx remotion render. This represents dynamic assembly and execution of code.
  • [COMMAND_EXECUTION]: The Tools/Render.ts script provides a Bun-based wrapper that executes npx remotion CLI commands using a shell utility, passing several user-controllable parameters such as compositionId and outputPath directly to the command line.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface in Workflows/ContentToAnimation.md: it ingests external data from URLs and YouTube transcripts and interpolates that untrusted content into generated React code without explicit sanitization markers. A malicious source could thereby influence the rendering process or code execution.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 16, 2026, 12:48 PM