ppt-to-video-workflow

Warn

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/generate_narration.py uses os.system to dynamically install Python packages (gradio-client and pydub) if they are missing from the environment. Executing shell-based installation commands at runtime is a risky practice as it can lead to unverified code execution within the environment.
  • [COMMAND_EXECUTION]: The skill frequently executes system-level commands using subprocess.run to call ffmpeg and ffprobe for video encoding, audio-video synchronization, and metadata extraction in scripts/create_video.py.
  • [EXTERNAL_DOWNLOADS]: The skill connects to an external TTS service hosted on Hugging Face (ResembleAI/Chatterbox-Multilingual-TTS) to generate narration audio from text content provided in the slides.
  • [EXTERNAL_DOWNLOADS]: The dynamic package installation logic in scripts/generate_narration.py triggers downloads from the Python Package Index (PyPI) at runtime without version pinning or integrity verification.
  • [COMMAND_EXECUTION]: The skill processes external data from slides.json and presentation.pptx, which is used to generate filenames and content for shell commands. While many commands use list-based arguments to mitigate injection, the skill lacks comprehensive sanitization for all processed input fields.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 1, 2026, 02:35 AM
Security Audit — agent-trust-hub — ppt-to-video-workflow