hyperframes-product-launch-video

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions and scripts involve the execution of shell commands for project initialization and dependency management.
      • The README.md and SKILL.md suggest using npx for installing the skill and initializing the Hyperframes engine (npx hyperframes init).
      • The skill recommends system-level installation of FFmpeg using package managers like brew, apt (with sudo), or choco for video rendering.
      • Project scripts like npm run dev and npm run render are used for local development and output generation.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to download software and project assets.
      • The scripts/package.json contains a postinstall hook that executes npx playwright install chromium to download the browser binary required for site analysis.
      • The scripts/extract_site_dna.js script uses Playwright to visit external URLs provided by the user and downloads assets (favicons, logos) using Node.js http/https modules to a local assets/ directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its automated data ingestion process.
      • Ingestion points: scripts/extract_site_dna.js extracts innerText from h1 and p tags from user-provided external websites.
      • Boundary markers: None observed in the extraction script or the resulting brand_dna.json template to delimit extracted content from instructions.
      • Capability inventory: The agent has the capability to write files and execute local commands (npm, npx, node) as part of the project workflow.
      • Sanitization: The extracted text is saved directly to a JSON file without visible sanitization or filtering, which could allow a malicious website to inject instructions that the agent might follow when processing the brand_dna.json or generating the ART_DIRECTION.md document.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 05:51 PM