The Agent Skills Directory

COMMAND_EXECUTION (HIGH): The rules in rules/claude-cli-patterns.md recommend granting the Bash tool to multiple skill components (e.g., motion-designer, remotion-scaffold). This allows the agent to execute arbitrary shell commands on the host system.
REMOTE_CODE_EXECUTION (HIGH): The skill uses cat << EOF (unquoted HEREDOC) to construct prompts and scripts. This pattern performs shell expansion on variables like $SPEC_CONTENT, which contains AI-generated text. If the AI-generated content includes shell metacharacters like backticks or $(...), the shell will execute them during interpolation.
CREDENTIALS_UNSAFE (MEDIUM): rules/claude-cli-patterns.md documents the practice of exporting ANTHROPIC_API_KEY into the environment where the agent operates. While necessary for the CLI, the combination with the Bash tool allows a compromised prompt to exfiltrate the key via simple network commands.
PROMPT_INJECTION (LOW): The skill is highly vulnerable to Indirect Prompt Injection (Category 8). Evidence: 1. Ingestion points: Untrusted user input enters via the 'Creative Brief' and propagates through VIDEO_SPEC.md. 2. Boundary markers: Missing; variables are interpolated directly into prompts with only simple text labels. 3. Capability inventory: Extensive capabilities including Bash, Write, and WebSearch. 4. Sanitization: No validation or escaping of AI-generated content is performed before it is used in subsequent shell operations.

create-video-start