
[Skill Submission] product-video#31

Open
everyskill-bot[bot] wants to merge 1 commit into main from skill/product-video-1776127899111

Conversation

@everyskill-bot
Contributor

New Skill Submission

Skill: product-video
Submitted by: Austin Tedesco (via Montaigne)
Reason: Proven workflow for building product launch videos in Remotion — from brief to storyboard to multi-agent review to ship. Built and validated during Sparkle V3 launch (2026-04-14). Includes the 4-agent parallel review pattern (design, text, narrative, brand) that catches things self-review misses.


This PR was auto-generated from skills.every.to (agent-api).

AI security review will run automatically.

@cloudflare-workers-and-pages

cloudflare-workers-and-pages bot commented Apr 14, 2026

Deploying everyskill with Cloudflare Pages

Latest commit: c5fc596
Status: ✅  Deploy successful!
Preview URL: https://026def2f.everyskill.pages.dev
Branch Preview URL: https://skill-product-video-17761278.everyskill.pages.dev

View logs

@everyskill-bot everyskill-bot bot requested a review from a team as a code owner April 14, 2026 00:51
@github-actions

Frontier Model Security Review

Agent Verdict
Claude Opus 4.6 WARN
GPT-5.2 WARN

Final Verdict: WARN


Claude Opus 4.6 Analysis
{"verdict": "WARN",
 "issues": [
  "Hardcoded absolute file paths (e.g., /Users/austintedesco/Documents/every-growth-os/social-clips) expose user directory structure and username, which is a minor information disclosure concern.",
  "The skill instructs the agent to run arbitrary shell commands (npx remotion, ffmpeg, npm run studio, cp) without any sandboxing or allowlist restrictions. While the commands shown are benign, the pattern of unrestricted Bash execution could be extended to harmful commands.",
  "The instruction to 'spawn 4 agents in parallel' and 'spawn a research agent' implies multi-agent orchestration that could be leveraged for unintended parallel actions, though no explicit abuse is present.",
  "The 'cp' command copies files to ~/Desktop which is a write operation to the user's filesystem outside the project directory."
 ],
 "reasoning": "This skill is a detailed, legitimate workflow for building product launch videos using Remotion. There are no prompt injection attempts, no data exfiltration to external URLs, no credential access, and no social engineering. The content is straightforward technical documentation. However, there are minor concerns: (1) Hardcoded absolute paths leak the username and directory structure. (2) The skill freely instructs execution of shell commands (npx, ffmpeg, npm, cp) without any restriction or sandboxing — while all shown commands are benign and contextually appropriate, the pattern establishes a norm of unrestricted shell access that could be abused if the skill were modified or if an agent over-generalizes. (3) File writes occur outside the project directory (cp to ~/Desktop). None of these rise to the level of FAIL since there is no malicious intent, no exfiltration, no injection, and no destructive commands. The WARN is warranted due to the unrestricted shell execution pattern and hardcoded user paths."}
GPT-5.2 Analysis
{"verdict":"WARN",
 "issues":[
  {"category":"Dangerous tool usage",
   "severity":"medium",
   "evidence":[
    "Hard-coded local filesystem paths and shell commands: `cd /Users/austintedesco/Documents/every-growth-os/social-clips`",
    "Commands that read/write arbitrary local outputs: `npx remotion still ... out/test.png`, `npx remotion render ... out/video.mp4`, `ffmpeg ... out/video.gif`",
    "File copy to user Desktop: `cp social-clips/out/<video>.mp4 ~/Desktop/<name>.mp4`"
   ],
   "risk":"If executed by an agent with broad shell/file permissions, this skill can write to arbitrary locations and potentially leak/overwrite files (though no explicit destructive commands are present).",
   "recommendation":"Constrain shell/tool scope: restrict working directory to the repo, restrict output directory, and disallow writing outside `social-clips/out/` (block `~/Desktop`, absolute paths). Prefer relative paths and sandboxed execution."},
  {"category":"Sensitive file access / environment assumptions",
   "severity":"low",
   "evidence":[
    "Absolute path includes a specific username and local directory structure.",
    "Mentions cloning/checking assets and product repo for brand tokens (fonts/colors/icons/logos)."
   ],
   "risk":"Encourages an agent to navigate the host filesystem and access adjacent repos/assets; could lead to accidental access of unrelated files if permissions are broad.",
   "recommendation":"Replace absolute paths with placeholders; explicitly state: only operate within the checked-out `social-clips/` repo and approved asset directories."},
  {"category":"Overly permissive allowed-tools (implicit)",
   "severity":"medium",
   "evidence":[
    "Workflow assumes unrestricted Bash and filesystem access (npm, npx, ffmpeg, cp).",
    "Mentions spawning 4 agents in parallel reading rendered PNG frames; implies broad file read access."
   ],
   "risk":"If the skill is bound to an execution environment that grants general shell access, it increases blast radius. No guardrails are specified about network access, secrets, or tool limits.",
   "recommendation":"Define explicit tool allowlist and constraints: no network by default; allow only `npm run studio`, `npx remotion still/render` with constrained args; allow `ffmpeg` only on files within `out/`; deny arbitrary `cp` to home directories."}
 ],
 "reasoning":"No clear prompt-injection patterns (e.g., hidden/encoded instructions, 'ignore previous') and no explicit data exfiltration steps (no curl/wget, no external URLs fetched via tools). The main concern is operational safety: the skill provides executable shell commands with absolute paths and unconstrained file output/copy locations, which is risky if an agent has broad tool permissions. Recommend sandboxing and path/command restrictions rather than outright blocking."}

Frontier model review complete. Human approval still required.
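The guardrail both reviews recommend (a command allowlist plus confinement of write targets to the repo's out/ directory), as an added example that is not part of this PR, the skill, or everyskill's own code: it assumes a hypothetical checkout at /srv/work/social-clips and treats .png/.mp4/.gif arguments as write targets; the sample commands at the bottom are constructed to mirror the ones the reviews quote.

```python
import os
import shlex
from pathlib import Path

# Assumed checkout location of the skill's repo (hypothetical path for this example).
REPO_ROOT = Path("/srv/work/social-clips")
OUT_DIR = REPO_ROOT / "out"

# Command shapes the review recommends allowing; anything else (cp, cd, curl, ...) is denied.
ALLOWED_PREFIXES = (
    ("npm", "run", "studio"),
    ("npx", "remotion", "still"),
    ("npx", "remotion", "render"),
    ("ffmpeg",),
)
# Artifacts the skill writes must land in OUT_DIR; other path-like args only inside the repo.
MEDIA_EXT = (".png", ".mp4", ".gif")


def confined(token: str, base: Path) -> bool:
    """True only if token is a relative path that resolves under base.
    Absolute paths, '~' expansions and '..' escapes all fail."""
    if token.startswith(("/", "~")):
        return False
    resolved = Path(os.path.normpath(REPO_ROOT / token))
    return resolved == base or base in resolved.parents


def check_command(cmd: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one shell command string taken from the skill."""
    argv = shlex.split(cmd)
    if not any(argv[: len(p)] == list(p) for p in ALLOWED_PREFIXES):
        return False, f"command not in allowlist: {cmd!r}"
    for tok in argv:
        path_like = "/" in tok or tok.startswith("~") or tok.endswith(MEDIA_EXT)
        if tok.startswith("-") or not path_like:
            continue  # flags and bare words (npx, remotion, Main) are not paths
        base = OUT_DIR if tok.endswith(MEDIA_EXT) else REPO_ROOT
        if not confined(tok, base):
            return False, f"path escapes {base.relative_to(REPO_ROOT.parent)}: {tok}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed commands mirroring the ones the reviews quote from the skill.
    for cmd in (
        "npx remotion render src/index.ts Main out/video.mp4",
        "cp social-clips/out/video.mp4 ~/Desktop/launch.mp4",
        "cd /Users/example-user/Documents/every-growth-os/social-clips",
        "ffmpeg -i out/video.mp4 ../leak.gif",
    ):
        print(f"{check_command(cmd)[1]:45} <- {cmd}")
```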
