wjs-mining-voicedrop

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill's instructions and the script voicedrop-inbox.sh access ~/code/.env to retrieve FILES_TOKEN and Volcengine ASR/TTS credentials. This is a standard and documented practice for managing secrets within this agent ecosystem to authenticate with the vendor's private APIs.
  • [COMMAND_EXECUTION]: The scripts/voicedrop-inbox.sh utility executes curl to interact with the API at https://jianshuo.dev/files/api for listing, downloading, and updating the status of recordings. It also utilizes ffprobe to perform duration checks and validation on audio files before processing.
  • [DATA_EXFILTRATION]: The skill facilitates a bidirectional data flow with jianshuo.dev. It downloads .m4a audio files and uploads JSON metadata describing article drafts or processing errors. This data exchange is essential for the skill's primary function of syncing the state of the VoiceDrop inbox with the article generation pipeline.
  • [PROMPT_INJECTION]: The skill processes untrusted audio data from a remote source, which is then converted to text. This transcription is passed to the wjs-mining-articles skill, creating a surface for indirect prompt injection. However, this risk is mitigated by the skill's modular design and the requirement for human confirmation during the article mining stage.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 21, 2026, 05:46 AM