The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses ffmpeg and ffprobe via subprocess.run in scripts/narration_script_template.py to analyze video metadata, extract frames, and assemble the final narrated video. These operations are scoped to the task of video processing and do not use a shell environment for the final merge command, reducing injection risk.
[EXTERNAL_DOWNLOADS]: The skill makes network requests to generativelanguage.googleapis.com (Google Gemini) and uses the Azure Speech SDK to generate audio from text. These are well-known, trusted technology services and the usage is consistent with the skill's stated purpose.
[CREDENTIALS_UNSAFE]: The skill manages API keys (Azure and Gemini) by storing them in a local environment file (~/.narrate_video.env). The instructions and scripts/check_env.py include explicit checks to ensure keys exist without revealing their content to the agent or user, which is a security best practice.
[DATA_EXPOSURE]: The skill reads video files and metadata locally to perform its task. It does not exfiltrate sensitive data to unauthorized third-party domains; network communication is limited to the configured TTS providers.
[INDIRECT_PROMPT_INJECTION]: In scripts/narration_script_template.py, user-provided narration text is interpolated into a prompt for the Gemini TTS API. While this is an ingestion point for external data, the risk is limited to the context of audio generation, and the template uses explicit preambles (e.g., TRANSCRIPT:) to clarify intent to the model.

narrate-video