zoom-lecture-publish

Warn

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill manages production secrets by instructing the agent to pull them from Vercel into a local environment file located in a shared directory (/tmp/aiplayguild-vercel-env/.env.production.local). While a cleanup command (rm) is provided, storing plaintext production secrets in temporary shared storage is a risky practice.
  • [DATA_EXFILTRATION]: The skill hardcodes several specific production infrastructure identifiers in its reference files, including the Vercel Project ID (prj_JdK2taNnlrKy1Sij8zwL90BkgKRR), Vercel Org ID (team_BjMkA6w87tWnOAl1aDOWe9Dj), Discord Forum Channel ID (1483350303104307241), and a Note membership light plan key (b2e068a96fa9).
  • [COMMAND_EXECUTION]: The skill makes extensive use of local shell commands to perform its duties. This includes using ffmpeg for video frame extraction with dynamic timestamp arguments, vercel for environment management, and rm for file cleanup. These operations involve shell interpolation of variables derived from external data.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection. It ingests untrusted text data from Zoom VTT transcripts and chat logs to generate public-facing summaries, learning points, and article titles.
      • Ingestion points: Zoom VTT transcripts and chat logs (SKILL.md).
      • Boundary markers: Absent; there are no instructions to the model to ignore instructions embedded within the transcript data.
      • Capability inventory: Writing to Convex databases, posting to Discord forums, and creating note membership articles.
      • Sanitization: Limited to stripping query parameters from URLs in chat logs, with no general sanitization for natural language instructions.
  • [EXTERNAL_DOWNLOADS]: The skill downloads media assets (MP4, VTT, Chat) from Zoom's cloud recording servers and interacts with Mux and Convex APIs for video processing and storage.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: May 16, 2026, 12:42 PM