youtube-transcript-extract

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses npx -y yt-subs to fetch and execute a package from the public npm registry at runtime. The -y flag bypasses the user confirmation prompt normally provided by npx, and the package version is not pinned to a specific version.
  • [COMMAND_EXECUTION]: The command execution pattern npx -y yt-subs (youtube_url_or_id), where youtube_url_or_id is the user-supplied argument, is vulnerable to command injection. Because the user-supplied input (the URL or ID) is inserted directly into the shell command string without sanitization or protective delimiters, an attacker could supply shell metacharacters (e.g., ;, &&, or |) to execute arbitrary commands on the host system.
  • [REMOTE_CODE_EXECUTION]: Execution of an unverified third-party package from a public registry via npx involves running remote code locally.
  • [PROMPT_INJECTION]: The skill processes external data (YouTube transcripts and metadata) which are untrusted ingestion points. As shown in references/sample-output.md, the output contains raw video metadata and transcript text. Without boundary markers or explicit sanitization instructions, this content could contain indirect prompt injections designed to influence the agent's behavior during subsequent processing steps.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 13, 2026, 10:28 AM