youtube-tools

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill safely executes yt-dlp using list-based subprocess.run calls. It implements a robust argument validation system (validate_extra_args) that whitelists safe flags and blacklists dangerous options like --exec and --config-location to prevent command injection.
  • [EXTERNAL_DOWNLOADS]: Remote content is fetched only from verified YouTube domains through a strict domain whitelist in is_valid_youtube_url, mitigating risks of SSRF and arbitrary file downloads.
  • [SAFE]: Filename sanitization and output directory restrictions are enforced to prevent path traversal and unauthorized file system access.
  • [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill processes user-controlled video titles and transcripts. Evidence: 1. Ingestion: scripts/get_transcript.py and scripts/get_video_info.py. 2. Boundaries: None. 3. Capabilities: Sanitized subprocess calls and file writes to .tmp/. 4. Sanitization: Filename and URL validation. This risk is inherent to the use case and does not escalate the verdict.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 04:22 AM