using-youtube-download

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions utilize sudo for system package installation of ffmpeg and for modifying permissions on the downloaded yt-dlp binary using chmod.
  • [EXTERNAL_DOWNLOADS]: Fetches the yt-dlp binary from its official releases on GitHub.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it uses untrusted video titles (%(title)s) as output filenames.
      • Ingestion points: YouTube metadata via URL.
      • Boundary markers: Absent.
      • Capability inventory: Subprocess calls to yt-dlp and ffmpeg with file system write access.
      • Sanitization: Absent; filenames are generated directly from external metadata.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 04:36 AM