The Agent Skills Directory

[COMMAND_EXECUTION]: The file rules/troubleshooting.md (referenced as a critical rule in SKILL.md) provides a complete Bash script template (scripts/trim-videos.sh). It explicitly instructs the agent or user to make the script executable using chmod +x and run it locally. The script executes several binaries including ffmpeg and ffprobe, and performs file system operations like mkdir -p and file redirections.
[PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8).
Ingestion points: Files such as rules/calculate-metadata.md and rules/import-srt-captions.md demonstrate fetching data from external URLs (e.g., props.dataUrl or remote .srt files) which is then used to determine composition duration or rendered text.
Boundary markers: The code examples do not include boundary markers or instructions to the LLM to ignore potentially malicious content within the fetched data.
Capability inventory: The skill encourages the creation and execution of shell scripts (rules/troubleshooting.md) and uses the Remotion framework, which typically invokes ffmpeg for rendering.
Sanitization: There is no evidence of sanitization, escaping, or validation of the external data before it is processed or interpolated into the video composition.
[EXTERNAL_DOWNLOADS]: The skill frequently instructs the agent to install external packages using npx remotion add, npm install, or yarn add. While these target the legitimate Remotion ecosystem and well-known libraries (e.g., zod, mapbox-gl), they represent external dependencies. Additionally, rules/tailwind.md instructs the agent to fetch instructions from https://www.remotion.dev/docs/tailwind at runtime.

remotion-best-practices