find-broll
Fail
Audited by Gen Agent Trust Hub on Jun 11, 2026
Risk Level: HIGH | CREDENTIALS_UNSAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill methodology in `SKILL.md` explicitly instructs the agent to use the user's browser cookies via `yt-dlp --cookies-from-browser` and to access logged-in browser sessions to bypass authentication walls. This directive provides the agent with access to sensitive session data and authenticated environments, which could be exploited to exfiltrate private information.
- [COMMAND_EXECUTION]: The skill includes several Python scripts that execute shell commands for video processing and web capture. `scripts/cdp_capture.py`, `scripts/render_cutaways.py`, and `scripts/zoom_still.py` all use the `subprocess` module to drive external binaries like `ffmpeg`, `yt-dlp`, and Google Chrome. This creates a large execution surface for potential misuse if input parameters (such as file paths or URLs) are not properly validated by the agent.
- [EXTERNAL_DOWNLOADS]: The `README.md` and `SKILL.md` files describe a workflow that involves downloading video assets and metadata from various external sources, primarily YouTube. It also requires the installation of numerous external dependencies and the use of `npm create video@latest` to scaffold motion graphics projects, which involves downloading and executing code from external registries.
- [PROMPT_INJECTION]: The skill is designed to ingest and process untrusted input data, such as transcripts provided by the user and website content fetched during the sourcing phase. Because the skill possesses extensive capabilities, including authenticated network access and browser control, it is vulnerable to indirect prompt injection attacks where malicious instructions embedded in a transcript could override agent safety guidelines or trigger unauthorized operations.
Recommendations
- AI detected serious security threats
Audit Metadata