The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/assemble_video.py uses subprocess.run to call ffmpeg and ffprobe for media processing. Evidence: List-based arguments are used (e.g., subprocess.run(cmd, check=True)), which avoids shell injection risks.- [EXTERNAL_DOWNLOADS]: The skill makes network requests to synthesize audio data via TTS providers. Evidence: scripts/synth_audio.py communicates with api.minimaxi.com and utilizes the edge-tts package for Microsoft Edge TTS.- [CREDENTIALS_UNSAFE]: The skill requires a MINIMAX_API_KEY for paid TTS services. Evidence: The instructions (SKILL.md) and script (scripts/synth_audio.py) correctly direct the user to provide this via an environment variable rather than hardcoding.- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface by ingesting external markdown files to draft narration. Evidence: 1. Ingestion points: outline.md, handout.md, and slide-units/*.md files are read in SKILL.md steps 2 and 3. 2. Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present. 3. Capability inventory: The skill can write files, perform network requests (TTS), and execute shell commands via ffmpeg (via scripts/synth_audio.py and scripts/assemble_video.py). 4. Sanitization: No specific sanitization or escaping of the ingested file content is performed.

pdf2video