reference-contract-builder
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script download_videos_from_manifest_with_ytdlp.mjs is designed to download video content from external URLs provided in a JSON manifest. This is an intended function of the skill's media management system.
- [COMMAND_EXECUTION]: The skill executes external command-line tools for media processing. Specifically, download_videos_from_manifest_with_ytdlp.mjs spawns yt-dlp via python3 to fetch videos, and postplus_workspace_runtime.mjs invokes ffmpeg for video generation tasks. These operations use argument arrays to prevent shell-based injection.
- [DATA_EXPOSURE]: The skill manages session tokens and configuration for the PostPlus vendor environment. These tokens are used solely for authenticated requests to the vendor's own API endpoints (PostPlus Cloud) and are stored in standard local configuration directories.
- [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it processes external assets (images, videos) and untrusted manifest data. However, it implements boundary checks and specific contract logic to mitigate accidental obedience to embedded instructions.
Audit Metadata