The Agent Skills Directory

[REMOTE_CODE_EXECUTION] (CRITICAL): The file SKILL.md contains the command curl -fsSL https://cli.inference.sh | sh. This is a piped remote script execution pattern targeting an untrusted source, which is a major security vulnerability.- [COMMAND_EXECUTION] (HIGH): The skill's configuration in SKILL.md requests allowed-tools: Bash(infsh *), providing broad shell execution capabilities for the infsh utility without restricted parameters.- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill suggests installing unverified third-party skills via npx skills add and running remote apps through the infsh tool, creating a dependency on external, unvetted infrastructure.- [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection. Evidence chain: (1) Ingestion points: User-provided prompts for video and voiceover generation in SKILL.md. (2) Boundary markers: Absent. (3) Capability inventory: Bash tool for media processing and file manipulation. (4) Sanitization: None identified.

explainer-video-guide