triage-finding
Fail
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions mandate the automatic installation of the 'youtube-transcript-api' Python library using 'pip install' if it is not already present on the user's system (documented in SKILL.md).
- [REMOTE_CODE_EXECUTION]: The skill uses 'python -c' to execute a script for transcript extraction. This script dynamically interpolates a video ID derived from an external URL into a Python string, which can lead to command injection if the input is not strictly validated (documented in SKILL.md).
- [COMMAND_EXECUTION]: The skill invokes several command-line tools, including 'pip' for package management, 'python' for script execution, and the GitHub CLI ('gh') for repository analysis (documented in SKILL.md).
- [DATA_EXFILTRATION]: The skill requests and accesses sensitive file paths and directories, specifically the user's projects folder and the Claude Code memory file located at '~/.claude/memory/MEMORY.md'. Access to these files exposes project structures and personal context to the agent (documented in SKILL.md).
- [PROMPT_INJECTION]: The skill serves as a high-surface-area target for indirect prompt injection because its core function is to ingest and process untrusted content from the web, GitHub, and YouTube. The instructions lack boundary markers or sanitization steps to prevent embedded instructions in the source material from manipulating the agent's behavior.
  - Ingestion points: Fetches content from external URLs via WebFetch, GitHub repos via 'gh', and YouTube transcripts (SKILL.md).
  - Boundary markers: None identified; untrusted data is processed directly by the agent and sub-agents.
  - Capability inventory: Permissions to read/write local files, execute shell commands, and invoke sub-agents (SKILL.md).
  - Sanitization: No validation or sanitization of retrieved external content is specified before processing.
Recommendations
- AI detected serious security threats