laohan-luping

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is generating and facilitating the execution of shell scripts that utilize ffmpeg, tmux, and node to automate screen recording and terminal interactions. The generated scripts (record_xxx.sh) automate inputs to the Claude Code CLI within a tmux session.
  • [EXTERNAL_DOWNLOADS]: The skill instructions and scripts (SKILL.md) check for the playwright dependency and provide instructions to install it via the npm registry if it is missing from the environment.
  • [DYNAMIC_EXECUTION]: The skill generates shell scripts from a template (record_template.sh). These scripts dynamically construct Node.js commands to control a browser. Specifically, the browser_goto function in the template interpolates a URL directly into a Node.js one-liner (node -e); if the URL is not sanitized during the script generation phase, a crafted URL could break out of the string literal and inject code into that command.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input drafts (e.g., script.md) to derive the sequence of commands for the generated scripts. This presents an attack surface where a malicious draft could attempt to influence the agent into including harmful shell commands or browser actions in the output script.
  • Ingestion points: User-provided script files (e.g., script.md or 录屏指示.md) or direct text descriptions processed by the agent as described in SKILL.md.
  • Boundary markers: No explicit delimiters or instructions are used to distinguish between the content of the script and the agent's logic for script generation.
  • Capability inventory: The skill enables full shell execution via generated bash scripts, physical screen recording using ffmpeg, and browser automation using Playwright.
  • Sanitization: No explicit sanitization or validation of extracted commands is defined in the skill logic, relying entirely on the agent's interpretation of the draft.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 11:04 PM
Security Audit — agent-trust-hub — laohan-luping