The Agent Skills Directory

[COMMAND_EXECUTION]: The validate-video.py script generates JSON output containing a 'fix' field with suggested shell commands (e.g., ffmpeg -i {video_path} ...). The SKILL.md instructions explicitly direct the agent to 'attempt auto-fix' based on validation results. Because the video_path is interpolated directly into these strings, a maliciously named file containing shell metacharacters could lead to arbitrary command execution when the agent attempts to run the suggested fix.
[COMMAND_EXECUTION]: The skill relies on executing system utilities such as ffmpeg, ffprobe, and the egaki CLI. The Python scripts use subprocess.run to call these tools; while they use argument lists to prevent shell injection during the script's own execution, they operate on paths and configurations that can be influenced by external inputs.
[EXTERNAL_DOWNLOADS]: The production workflow involves significant interaction with external APIs, including fal.ai for video generation, ElevenLabs for voiceover synthesis, and Pexels for stock footage. These are well-known services used for their intended purpose within the video production context.

paw-cra-video-longform