make-video

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads media assets from multiple external providers including Pixabay, Pexels, Giphy, Tenor, and Freesound. It also includes a 'web' asset type that allows downloading from arbitrary URLs. These operations are protected by path traversal guards (safePath function) and response size limits (25MB).
  • [COMMAND_EXECUTION]: Several scripts use execFileSync to run system utilities such as ffmpeg, ffprobe, and git. The skill also uses npx to execute the hyperframes engine for rendering and transcription tasks.
  • [PROMPT_INJECTION]: The skill includes explicit security instructions for the agent to treat external content (READMEs, web pages, and transcripts) as data to be presented rather than instructions to follow, mitigating indirect prompt injection risks.
  • [DATA_EXPOSURE]: The analyze-codebase.mjs script performs a local filesystem walk to extract facts from a target repository. It includes a built-in ignore list for sensitive directories like .git, node_modules, and .env to prevent accidental exposure of configuration or secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 18, 2026, 01:51 PM