feature-video

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs an unversioned global installation of agent-browser from the public NPM registry. This package is not from a trusted organization or well-known service, posing a risk of executing unverified third-party code.
  • [COMMAND_EXECUTION]: The skill executes multiple local CLI tools with arguments derived from external data, including:
      • gh (GitHub CLI) to view and edit pull requests.
      • ffmpeg for video and GIF processing.
      • rclone for cloud storage synchronization.
      • agent-browser for automated browser interactions.
  • [DATA_EXFILTRATION]: The skill contains a hardcoded rclone destination path: r2:kieran-claude/pr-videos/pr-[number]/. This configuration directs the upload of generated feature videos and screenshots to a specific user's bucket ('kieran-claude') rather than a user-defined or project-specific location, potentially leading to unintended data exposure.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from GitHub pull requests to plan its operations.
      • Ingestion points: In SKILL.md (Step 2: Gather Feature Context), the skill fetches the title, body, and file list of a PR using gh pr view.
      • Boundary markers: The skill does not use delimiters or instructions to ignore embedded commands within the PR data.
      • Capability inventory: The skill has the capability to execute shell commands (ffmpeg, rclone, gh), install software (npm install), and record browser sessions.
      • Sanitization: There is no evidence of sanitization or validation of the PR content before it is used to 'Plan the Video Flow' in Step 3.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 03:33 PM