ad-creative

Warn

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The file 'references/generative-tools.md' provides instructions to clone an external GitHub repository (github.com/jamiepine/voicebox) and execute 'make setup' and 'make dev'. This pattern involves downloading and running arbitrary build scripts from an unverified third-party source. It also recommends using 'npx create-video', which executes code directly from the NPM registry.
  • [EXTERNAL_DOWNLOADS]: The skill references and provides command examples for several external AI service providers including Google Gemini, ElevenLabs, Replicate, and Ideogram. While these are well-known services, they involve outbound network requests and potential data sharing with third-party platforms.
  • [COMMAND_EXECUTION]: The skill instructs the agent to utilize local command-line tools (e.g., 'tools/clis/google-ads.js') to interact with advertising platforms. This facilitates the retrieval of campaign data and the management of ad assets through shell command execution.
  • [PROMPT_INJECTION]: The skill processes external performance data (CSV, API output, or text paste) to iterate on ad copy, creating a surface for indirect prompt injection.
      * Ingestion points: User-provided metrics or data files described in 'SKILL.md'.
      * Boundary markers: No explicit delimiters or instructions to ignore embedded commands are provided.
      * Capability inventory: The skill has access to ad platform management CLIs and local file system context.
      * Sanitization: No input validation or sanitization routines are specified for the ingested data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 17, 2026, 12:43 PM