The Agent Skills Directory

[SAFE]: The skill is well-structured and follows secure development practices for its intended purpose of AI video generation.
[COMMAND_EXECUTION]: The skill uses Python scripts to interact with the TensorsLab API and handle the OAuth-like authorization process. These scripts are invoked with user-provided prompts and parameters according to the defined workflow.
[DATA_EXFILTRATION]: Communication is restricted to 'api.tensorslab.com' and 'tensorai.tensorslab.com'. These are official vendor domains used for task submission, status polling, and user authentication. No unauthorized external data transmission was detected.
[CREDENTIALS_UNSAFE]: API keys are managed using a dedicated configuration file in the user's home directory ('~/.tensorslab/.env'). The authorization script facilitates this via a local HTTP server on the loopback interface ('127.0.0.1'), which is a standard and safe practice for local application authentication.
[EXTERNAL_DOWNLOADS]: The skill downloads generated video files from URLs provided by the authenticated TensorsLab API and saves them to a local directory ('./tensorslab_output/').
[SAFE]: The code utilizes 'yaml.safe_load' when reading configuration and mapping files, preventing potential unsafe deserialization vulnerabilities.

tl-video