yby6-video-parser
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: CRITICAL
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the ffmpeg binary via subprocess.run in scripts/transcribe.py to extract audio. Command arguments are constructed using UUIDs and sanitized strings to prevent shell injection.
- [EXTERNAL_DOWNLOADS]: The skill downloads video and metadata from various well-known platforms and APIs, including doupai.cc, which was flagged by automated scanners. These downloads target established services and are essential for the skill's video parsing functionality.
- [DATA_EXFILTRATION]: Audio files and user-configured API keys are sent to the SiliconFlow transcription service at api.siliconflow.cn. This follows the skill's documented transcription workflow.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted metadata (video titles and descriptions) from external sources and interpolates them into Markdown reports without boundary markers or content sanitization. Ingestion Points: scripts/parser/ platform files; Capability: File system write and network access; Sanitization: Filename only.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata