The Agent Skills Directory

[PROMPT_INJECTION]: The skill exhibits several Indirect Prompt Injection surfaces (Category 8). It instructs the agent to fetch and process untrusted external data which could contain malicious instructions.
Ingestion Points: rules/calculate-metadata.md fetches from props.dataUrl; rules/display-captions.md fetches JSON captions from arbitrary URLs; rules/import-srt-captions.md parses external SRT files; rules/tailwind.md explicitly directs the agent to fetch documentation from an external URL using WebFetch to receive instructions; rules/lottie.md fetches animation data from a remote JSON file.
Boundary Markers: No explicit boundary markers or 'ignore' instructions are provided when interpolating this external data into the agent's context.
Capability Inventory: The skill enables file system writes (fs.writeFileSync in rules/transcribe-captions.md), arbitrary shell command execution (npx remotion ...), and outbound network requests (fetch).
Sanitization: No evidence of sanitization or validation of the fetched content is present in the provided templates.
[COMMAND_EXECUTION]: The skill frequently uses shell commands for project setup and management.
Evidence: SKILL.md uses npx create-video@latest; rules/ffmpeg.md uses npx remotion ffmpeg and npx remotion ffprobe; multiple rule files use npx remotion add to install dependencies.
[EXTERNAL_DOWNLOADS]: The skill facilitates the download of external assets and binaries.
Evidence: rules/transcribe-captions.md uses @remotion/install-whisper-cpp to download and install specific versions of whisper.cpp and its models to the local file system. SKILL.md and rules/sfx.md provide patterns for fetching remote video and audio assets from remotion.media.
[CREDENTIALS_UNSAFE]: rules/voiceover.md provides instructions on using the ELEVENLABS_API_KEY. It correctly suggests using environment variables rather than hardcoding secrets.

remotion-best-practices