The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The script scripts/download.py automatically installs the yt-dlp package from PyPI using pip install if it is not already present on the system. While yt-dlp is a well-known tool, automatic package installation is a noteworthy behavior.
[COMMAND_EXECUTION]: The skill executes python3 to run its bundled download.py script. The script itself uses subprocess.run to execute the pip command for dependency management.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8). It fetches and displays untrusted metadata (titles, descriptions, uploader names) from external video platforms.
Ingestion points: Metadata is ingested via ydl.extract_info(url) in scripts/download.py and printed to the console.
Boundary markers: No boundary markers or 'ignore' instructions are used when printing the external metadata to the agent's context.
Capability inventory: The skill has the capability to write files to the local filesystem (video downloads) and execute shell commands (via subprocess.run during setup).
Sanitization: The script truncates descriptions to 200 characters but does not perform sanitization or escaping of the content to prevent instructions embedded in video titles or descriptions from influencing the agent's next steps.

youtube-dl