The Agent Skills Directory

EXTERNAL_DOWNLOADS (MEDIUM): The file references/kickstart-guide.md promotes the use of npx degit jhartquist/claude-remotion-kickstart to clone a template repository. The GitHub user jhartquist is not a trusted source per the security policy.
EXTERNAL_DOWNLOADS (MEDIUM): The script scripts/setup-remotion.sh attempts to install an external skill via npx skills add remotion-dev/skills. The remotion-dev organization is not in the trusted organization list.
REMOTE_CODE_EXECUTION (MEDIUM): The skill instructions guide the user to run pnpm install and pnpm remotion render inside the newly cloned repository. This executes arbitrary code and lifecycle scripts defined by the untrusted external repository.
COMMAND_EXECUTION (LOW): The script scripts/render-video.sh uses the $@ variable to pass unvalidated command-line arguments to npx remotion render. This could lead to argument injection if the input strings provided by the agent are not strictly sanitized.
PROMPT_INJECTION (LOW): Category 8 (Indirect Prompt Injection): The skill ingests feature descriptions and app structures to generate video scripts. Evidence: Ingestion points in SKILL.md arguments; no boundary markers or sanitization logic identified in scripts; capabilities include shell execution and network-linked rendering tools.

demo-video