The Agent Skills Directory

[COMMAND_EXECUTION]: The skill employs bash scripts to handle local configuration files and to poll the vendor's API for task status. These operations are restricted to the skill's specific data directory and utilize common system utilities such as curl and jq.- [EXTERNAL_DOWNLOADS]: The skill downloads generated media assets (audio/video) from the author's official API domain (api.marswave.ai). This behavior is expected and necessary for the skill's core functionality.- [PROMPT_INJECTION]: The skill ingests user-provided topics and descriptions which are subsequently processed by an AI model. While this constitutes an indirect prompt injection surface, the risk is addressed by a hard-coded requirement for user confirmation before any data is sent to the remote generation service.- [CREDENTIALS_UNSAFE]: The skill requires an API key (LISTENHUB_API_KEY) provided via environment variables. It follows established patterns for secure credential handling and does not hardcode secrets or expose them to unauthorized endpoints.

explainer