The Agent Skills Directory

[DATA_EXFILTRATION]: The skill workflow includes a step to establish a Cloudflare tunnel (bash skills/cloudflare-tunnel/scripts/tunnel.sh start 3000). This action exposes a local development server to the public internet, bypassing firewalls and potentially allowing unauthorized external access to the host environment.
[REMOTE_CODE_EXECUTION]: The initialization process utilizes npx --yes create-video@latest. This command fetches and executes code from a remote registry at runtime without version pinning, which can be exploited if the remote package is compromised.
[COMMAND_EXECUTION]: Extensive use of shell commands and local wrapper scripts (remotion.sh, firecrawl.sh) for critical operations like project scaffolding, rendering, and data processing. The skill programmatically generates and then executes React/TypeScript code.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its web scraping feature. It ingests data from arbitrary URLs via Firecrawl and uses this untrusted information to guide code generation and design decisions.
Ingestion points: scripts/firecrawl.sh is used to scrape brand data from external websites.
Boundary markers: There are no markers or instructions to isolate scraped content from the agent's core logic.
Capability inventory: The skill can execute arbitrary shell commands, install software packages, and perform network operations.
Sanitization: The instructions do not include steps to sanitize or validate the content retrieved from external websites before processing it.
[EXTERNAL_DOWNLOADS]: The skill performs several external network operations, including downloading brand assets using curl and installing Node.js dependencies from the NPM registry during the setup process.

video-generator