mm-voice-maker

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill interacts with 'api.minimaxi.com' for text-to-speech and voice management tasks. This is a well-known service corresponding to the skill's stated purpose and author (MiniMax-OpenPlatform). No untrusted external downloads or remote script executions were detected.
  • [COMMAND_EXECUTION]: The skill uses the Python 'subprocess' module to execute FFmpeg and FFprobe for audio format conversion, merging, and metadata analysis. Command arguments are constructed as lists (not shell strings), which follows security best practices to prevent shell injection. These operations are restricted to audio processing tasks defined in the skill.
  • [CREDENTIALS_UNSAFE]: No hardcoded API keys or secrets were found. The skill correctly instructs users to set the 'MINIMAX_VOICE_API_KEY' as an environment variable and uses 'os.getenv' to retrieve it at runtime.
  • [DATA_EXFILTRATION]: Network activity is restricted to the official MiniMax API endpoints for the purpose of audio generation and management. The skill manages temporary audio files in a local directory ('./audio/tmp/') and explicitly requires the agent to wait for user confirmation before cleaning up these files.
  • [PROMPT_INJECTION]: The instructions in 'SKILL.md' are focused on providing a consistent workflow for text segmentation and voice selection. No patterns attempting to bypass agent safety filters or override system instructions were identified.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided text to generate audio. While this text is analyzed by the agent to create a 'segments.json' file, the workflow includes multiple validation and preview steps ('python mmvoice.py validate', user confirmation of the segmentation plan) which act as mitigations against unintended behavior from processed data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 17, 2026, 08:58 AM