The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/download.sh implements a wrapper that passes all provided arguments ($@) directly to the yt-dlp binary. This enables argument injection vulnerabilities; an attacker providing a URL followed by flags like --exec <command> or --postprocessor-args can achieve arbitrary command execution on the host system.
[EXTERNAL_DOWNLOADS]: The documentation files references/guide.md and references/usage.md recommend a 'curl-to-shell' installation method involving sudo curl from a remote GitHub URL. While this is documentation and not automated code, it promotes insecure practices that bypass system package managers and signature verification.
[COMMAND_EXECUTION]: The skill's primary entry point does not sanitize the input URL or flags. If an agent is triggered by untrusted content (Indirect Prompt Injection), it could be tricked into executing yt-dlp with the --cookies-from-browser flag, potentially exposing sensitive session data from the host's web browsers to the external download process.
[COMMAND_EXECUTION]: The scripts/setup script creates a Python virtual environment and installs yt-dlp via pip. While the use of a standard package registry is generally safe, the script lacks version pinning for the dependency, which could lead to unverifiable or breaking changes being introduced during the setup phase.

yt-dlp