marketing-pipeline-share-ai-content-automation

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions require cloning an external repository from GitHub (https://github.com/pennydinh/marketing-pineline-share.git) to function. This repository is not associated with a verified or trusted organization.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It fetches content from external, untrusted sources (TechCrunch, Twitter, LinkedIn via RapidAPI) and directly interpolates this content into LLM prompts in lib/ai/content-generator.ts without sanitization, boundary markers, or instructions to the model to ignore embedded commands.
      • Ingestion points: crawlRecentNews in lib/crawler/news-crawler.ts fetches external data.
      • Boundary markers: Absent in generateContent prompt construction.
      • Capability inventory: The pipeline can write files to the public directory (renderArticleVideo) and make subsequent network requests.
      • Sanitization: No filtering or escaping is performed on the researchContext before being sent to the AI model.
  • [COMMAND_EXECUTION]: The video generation process uses @remotion/bundler to dynamically bundle TypeScript code (remotion/index.ts) at runtime. This involves executing local build tools and scripts to generate the final video asset.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 21, 2026, 05:43 AM