The Agent Skills Directory

[COMMAND_EXECUTION]: The skill's CLI script invokes system commands like open or xdg-open to display generated HTML files in a web browser. This occurs when the preview command is executed.
[PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface during the generation of video previews.
Ingestion points: Data is retrieved from the OpusClip API (e.g., clip titles, descriptions) and used in the cmd_preview function within the scripts/opusclip script.
Boundary markers: No delimiters or safety instructions are present to isolate external API content from the HTML structural elements.
Capability inventory: The skill utilizes curl for network access, writes local files to the /tmp directory, and launches system browsers through shell commands.
Sanitization: The script lacks escaping or sanitization when inserting API-derived strings into the HTML preview template. It relies on simple bash string substitution (html="${html//\{\{CLIP_CARDS\}\}/$cards}") which could allow for the injection of malicious HTML elements or scripts from the API response into the local user environment.

opusclip