skills/cshen/skills/youtube-download/Gen Agent Trust Hub

youtube-download

Fail

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill repeatedly uses the --cookies-from-browser chrome flag with the yt-dlp command. This instruction directs the agent to access the user's local Chrome browser profile to extract session cookies and authentication tokens. This behavior facilitates the exposure and potential exfiltration of sensitive web credentials and active session data.
  • [EXTERNAL_DOWNLOADS]: The skill relies on uvx to dynamically download and execute the yt-dlp package from the Python Package Index (PyPI). This introduces a supply-chain risk where the agent executes third-party code that is not bundled with the skill or verified locally.
  • [COMMAND_EXECUTION]: The skill constructs complex shell commands using variables derived from user input, such as $VIDEO_URL, OUTPUT_PATH, and custom format strings. If the agent platform does not strictly sanitize these inputs, it could lead to arbitrary command injection on the host system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It processes untrusted metadata (titles, descriptions, comments) fetched from external URLs via yt-dlp -j.
      • Ingestion points: Metadata retrieved from external video hosting sites (SKILL.md, Step 2).
      • Boundary markers: None identified; external content is parsed directly into JSON fields for agent processing.
      • Capability inventory: Subprocess execution via uvx yt-dlp and file system interrogation via ls -la (SKILL.md, Steps 4 and 6).
      • Sanitization: No explicit validation or escaping of the metadata content is performed before it is presented to or used by the agent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Apr 10, 2026, 05:27 AM