The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The download.py script disables SSL certificate verification globally by setting ssl._create_default_https_context = ssl._create_unverified_context. This makes all network operations within the script vulnerable to Man-in-the-Middle (MitM) attacks, potentially allowing an attacker to intercept session cookies or video data.
[CREDENTIALS_UNSAFE]: The skill stores sensitive browser session cookies (e.g., SESSDATA for Bilibili) in plaintext JSON files within the ~/.config/video-download/ directory.
[COMMAND_EXECUTION]: The skill invokes ffmpeg via subprocess.run to merge video and audio streams. While it uses an argument list to mitigate shell injection, the output file path is constructed using video titles fetched from external websites, posing a risk if titles contain malicious path components that bypass the basic clean_filename function.
[EXTERNAL_DOWNLOADS]: The skill's setup instructions and code involve downloading browser binaries from npmmirror.com and Python packages from tsinghua.edu.cn. These are well-known technology mirrors.
[PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes untrusted user-provided URLs and retrieves metadata (page titles) from external platforms.
Ingestion points: The share_text CLI argument and the page.title() result from the Playwright browser automation.
Boundary markers: None are implemented to distinguish between downloaded data and agent instructions.
Capability inventory: The skill possesses capabilities for network access, browser automation, and local file system operations.
Sanitization: Basic filename sanitization is performed, but the primary content from external sources is not sanitized against potential instructional text.

video-download