The Agent Skills Directory

[COMMAND_EXECUTION]: The SKILL.md file contains instructions for the agent to execute shell commands for environment setup (cp), data transcription (npx tsx), and video rendering (npx remotion). These commands are consistent with the intended functionality of the video automation tool.
[PROMPT_INJECTION]: The skill processes untrusted external data from SRT and ElevenLabs JSON files via the lyricsParser.ts utility. This data is ingested into the agent's context without boundary markers or sanitization, creating a potential surface for indirect prompt injection if the lyrics contain malicious instructions targeted at the agent. \n * Ingestion points: lyricsParser.ts (reads external transcript and subtitle files). \n * Boundary markers: Absent in both instructions and parsing logic. \n * Capability inventory: The skill environment allows subprocess execution (rendering) and file system operations (copying templates). \n * Sanitization: No sanitization or escaping is performed on the ingested text before display or processing.

lyrics-overlay