broll-match-engine

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The utility script download_videos_from_manifest_with_ytdlp.mjs uses the Node.js spawn function to execute python3 -m yt_dlp. This is used to download video files from URLs specified in a manifest JSON file, which is a core feature of the media production workflow.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the download of video assets from external URLs provided in a manifest. This behavior is documented and necessary for the skill's function of managing and matching media assets.
  • [DATA_EXFILTRATION]: The skill includes a cloud client (postplus_cloud_client.mjs) that communicates with the author's official API for session management and hosted media generation tasks. These network operations target legitimate vendor endpoints.
  • [CREDENTIALS_UNSAFE]: Shared library code (postplus_cli_config.mjs) reads configuration files from standard OS paths (e.g., ~/.config/postplus/config.json) to retrieve CLI session tokens. This is standard practice for CLI-integrated tools from the same vendor and is used for authenticated API requests.
  • [SAFE]: No evidence of malicious prompt injection, code obfuscation, or persistence mechanisms was detected. The logic for matching beats to B-roll in run_match_broll_plan.mjs is transparent and follows established heuristic patterns for media post-production.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 07:44 AM