video-transcript

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses remote script execution patterns for installation. The README.md and bootstrap.sh scripts facilitate a "curl | bash" flow from the author's GitHub repository. Additionally, the install.sh script executes the official Homebrew installer from its verified repository.
  • [COMMAND_EXECUTION]: The main script, transcript.py, frequently invokes system commands via subprocess.run(). It utilizes ffmpeg for video segmenting and compression, ffprobe for analyzing media streams, yt-dlp for downloading content, and curl for fetching data.
  • [EXTERNAL_DOWNLOADS]: The skill performs several external network operations. It downloads system dependencies like ffmpeg and the Chromium browser engine during installation. At runtime, it fetches video data and metadata from various video hosting platforms.
  • [CREDENTIALS_UNSAFE]: The skill manages a Doubao API Key, which is stored in a local .env file. To mitigate the risk of unauthorized access, the install.sh script applies chmod 600 permissions to the file, ensuring it is only readable by the current user.
  • [PROMPT_INJECTION]: As the skill processes untrusted video data from the internet, it is vulnerable to indirect prompt injection. Malicious instructions hidden within a video's audio or visual content could potentially influence the LLM's behavior during the transcription process.
  • [SAFE]: The Python script scripts/transcript.py disables SSL certificate verification (ssl.CERT_NONE) to resolve certificate issues on some macOS systems. While this is a best-practice violation for HTTPS connections, it is documented as a compatibility fix and not as malicious behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 04:42 AM