ad-creative

Fail

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill instructs the agent/user to download and execute code from an untrusted source. In references/generative-tools.md, it provides instructions to clone the jamiepine/voicebox repository and run build commands (make setup && make dev). This repository is not from a trusted vendor or well-known service, posing a risk of arbitrary code execution.
  • [COMMAND_EXECUTION]: The skill references and provides commands for executing local CLI tools located in tools/clis/. Specifically, it suggests running node tools/clis/google-ads.js and other platform-specific scripts. While these tools are intended for legitimate API interactions, they represent a significant capability that could be abused if the skill's logic is subverted.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it is designed to ingest and iterate based on 'performance data' from external CSVs, API outputs, or text pastes.
      • Ingestion points: Performance data processed in 'Mode 2: Iterate from Performance Data' in SKILL.md.
      • Boundary markers: Absent; the skill does not define clear delimiters or instructions to ignore embedded commands within the performance data.
      • Capability inventory: The skill can execute local CLI tools (node tools/clis/*.js) and perform network operations via cURL for various AI APIs (Gemini, ElevenLabs, etc.).
      • Sanitization: No sanitization or validation logic is specified for the ingested data before it is analyzed to generate new variations.
  • [EXTERNAL_DOWNLOADS]: The skill references several external services. While downloads from well-known services like Google (Gemini/Veo), OpenAI, ElevenLabs, and Vercel (Remotion) are considered safe, the recommendation to fetch and install the 'Voicebox' tool from an unverified GitHub user repository is a security concern.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 27, 2026, 07:39 AM