remotion-best-practices

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • Remote Code Execution (HIGH): The file rules/tailwind.md explicitly instructs the agent to fetch instructions from an external URL (https://www.remotion.dev/docs/tailwind) using a 'WebFetch' tool. This creates a vulnerability where the agent could be manipulated by content at that untrusted location.
  • Indirect Prompt Injection (HIGH): The skill documentation encourages the ingestion of external content through multiple channels without emphasizing sanitization, which could lead to an agent following embedded instructions in media metadata or fetched data files.
      • Ingestion points: Identified in rules/calculate-metadata.md (fetching JSON via fetch), rules/import-srt-captions.md (fetching subtitle files), rules/lottie.md (fetching animation data), and media processing rules using mediabunny (rules/can-decode.md, rules/extract-frames.md, rules/get-video-dimensions.md).
      • Boundary markers: None are specified or suggested in the implementation patterns.
      • Capability inventory: The skill utilizes network-enabled functions (fetch) and media decoding capabilities that process remote URLs to influence composition parameters and rendering logic.
      • Sanitization: No sanitization or schema validation of the fetched external content is demonstrated before it is used to override component props.
  • Unverifiable Dependencies (MEDIUM): The skill instructs the agent to install and manage several packages from the @remotion scope and zod. These are not from the 'Trusted Organizations' list provided in the analysis framework.
      • Packages: zod@3.22.3, @remotion/three, @remotion/media, @remotion/captions, @remotion/google-fonts, @remotion/fonts, @remotion/gif, @remotion/lottie, @remotion/layout-utils, @remotion/zod-types, @remotion/transitions, mediabunny.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 07:55 AM