The Agent Skills Directory

[PROMPT_INJECTION]: The skill defines patterns for Indirect Prompt Injection (Category 8) by instructing the agent to fetch and process external data without explicit sanitization or boundary markers. * Ingestion points: Data is fetched from URLs in rules/calculate-metadata.md, rules/display-captions.md, and rules/import-srt-captions.md. * Boundary markers: None identified in the instructional snippets to isolate untrusted data. * Capability inventory: The skill utilizes fetch and suggests the use of execSync for shell operations. * Sanitization: No validation or escaping of external content is recommended before processing.
[EXTERNAL_DOWNLOADS]: The instructions frequently recommend the installation of third-party Node.js packages via npx remotion add and npm install. These include both official framework extensions and community utilities like mediabunny and mapbox-gl.
[COMMAND_EXECUTION]: The skill provides guidance on using shell-based tools for video manipulation. Specifically, rules/transcribe-captions.md includes a commented-out example of using execSync to invoke ffmpeg, which is a high-capability operation if applied to attacker-controlled filenames or parameters.

remotion-best-practices