remotion-best-practices
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The file 'rules/tailwind.md' explicitly instructs the agent to 'fetch https://www.remotion.dev/docs/tailwind using WebFetch for instructions'. This creates a high-risk vector where the agent follows instructions from an external, mutable source at runtime, which could be compromised or manipulated.
- [PROMPT_INJECTION] (HIGH): The skill demonstrates a significant surface for Indirect Prompt Injection (Category 8) across multiple rules.
  - Ingestion points: 'rules/lottie.md' (fetches Lottie JSON), 'rules/import-srt-captions.md' (fetches SRT text), and 'rules/calculate-metadata.md' (fetches arbitrary JSON from 'props.dataUrl').
  - Boundary markers: Absent. There are no instructions or delimiters to prevent the agent from obeying instructions embedded in these external files.
  - Capability inventory: The data is used to dynamically construct React components, define rendering logic, and set composition parameters ('calculateMetadata' calls), providing a 'Write/Execute' capability tier.
  - Sanitization: Absent. No validation or filtering of external content is recommended before it influences code generation.
- [COMMAND_EXECUTION] (LOW): Multiple files (e.g., 'rules/3d.md', 'rules/audio.md', 'rules/parameters.md') recommend shell commands for package installation ('npx remotion add', 'npm i zod@3.22.3'). While standard for development, this represents a command execution surface.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The 'calculateMetadata' feature described in 'rules/calculate-metadata.md' and 'rules/compositions.md' involves the agent writing code that performs 'fetch()' requests to arbitrary URLs. If these URLs are derived from user-controlled props, it creates a risk of Server-Side Request Forgery (SSRF) or unauthorized data access.
Recommendations
- AI detected serious security threats
Audit Metadata