qwen3-tts-mlx

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • Indirect Prompt Injection (LOW): The skill processes untrusted user input (text and styling instructions) which is then passed to a local ML model. While the risk is low for local execution, it represents an attack surface if the agent's output is consumed by other automated systems.
      ◦ Ingestion points: The text and instruct parameters in run_tts.py and the JSON input file in batch_dubbing.py.
      ◦ Boundary markers: Absent; inputs are passed directly to the model generator.
      ◦ Capability inventory: File system write access (sf.write, shutil.copy) and local audio generation.
      ◦ Sanitization: None; the script relies on the underlying MLX and Transformers libraries to handle the content.
  • Dynamic Execution (LOW): scripts/batch_dubbing.py monkey-patches the transformers.AutoTokenizer.from_pretrained method at runtime. The patch injects a specific fix_mistral_regex flag required for Qwen3 model compatibility, but it is still a form of dynamic code modification.
  • External Downloads (SAFE): The skill downloads pre-trained models from the mlx-community organization on Hugging Face. These are well-known ports for Apple Silicon; although they are not on the specific Trusted GitHub list, they are standard for the intended local ML use case.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:30 PM