social-media-extractor

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script _postplus_shared/00-core/shared-runtime/scripts/download_videos_from_manifest_with_ytdlp.mjs executes python3 -m yt_dlp using the spawn method. This is a standard and safe way to utilize the well-known media download utility for the skill's intended purpose.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates downloading video content from external social media URLs as part of its data extraction workflow. These downloads are performed using legitimate tools and are triggered by user-initiated manifests.
  • [DATA_EXFILTRATION]: The skill performs network operations to interact with PostPlus Cloud APIs via _postplus_shared/00-core/shared-runtime/scripts/lib/postplus_cloud_client.mjs. This communication is used for authorized hosted capabilities and billing summaries related to the vendor's infrastructure.
  • [CREDENTIALS_UNSAFE]: Local CLI configuration and session tokens are managed in _postplus_shared/00-core/shared-runtime/scripts/lib/postplus_cli_config.mjs. These tokens are stored in standard platform-specific configuration directories and are required for authenticated access to the vendor's services.
  • [PROMPT_INJECTION]: The routing logic in scripts/route_social_media_extractor.mjs processes user inputs for platform selection and goals. The script uses explicit string validation (e.g., checking for "tiktok", "instagram", "x") before determining the next skill, effectively mitigating risks of indirect injection via the routing parameters.
Audit Metadata
Risk Level: SAFE
Analyzed: May 9, 2026, 09:53 AM