marketing-pipeline-content-automation

Warn

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation instructs the user to clone a repository from an untrusted third-party source: https://github.com/pennydinh/marketing-pineline-share.git.
  • [REMOTE_CODE_EXECUTION]: Running code from the cloned repository represents execution of remote, unverifiable content. The skill also uses @remotion/bundler to dynamically compile and execute project code during video rendering.
  • [COMMAND_EXECUTION]: Setup involves shell commands like npm install and npm run dev, which execute scripts and code from the untrusted external repository.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8).
      1. Ingestion points: Data is fetched from news sites (TechCrunch, Twitter) in lib/research/scanner.ts.
      2. Boundary markers: None; external data is interpolated directly into prompts (e.g., ${request.research}).
      3. Capability inventory: Performs network requests to AI APIs and media rendering via subprocesses.
      4. Sanitization: No validation or filtering is applied to the aggregated research data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 25, 2026, 12:57 AM