X Video Transcribe

The skill's stated purpose (transcribe X videos via bird + Gemini) is plausible, but the manifest/metadata omits required credentials and binaries and the runtime instructions reference a secrets path—this inconsistency and secret access deserve caution.

Before installing or running: (1) Inspect scripts/transcribe.sh to confirm it only calls bird/curl/ffmpeg and uploads audio to Gemini (no other unexpected network endpoints or uploads). (2) Update the skill's registry metadata to declare required binaries (bird, ffmpeg, curl) and required env vars (GEMINI_API_KEY, BIRD_ENV) — the current omission is suspicious. (3) Store bird credentials and the Gemini key in a location with strict file permissions; avoid placing keys in shared or world-readable agent-workspace locations. (4) Consider disabling autonomous model invocation for this skill (require user consent before running) so the model cannot call it and send credentials without your explicit action. (5) If unsure, run the script in an isolated environment/container with test credentials first.