The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes transcripts from external YouTube videos. An attacker could embed malicious instructions within a video's subtitles or captions to manipulate the AI's summary or subsequent behavior.
Ingestion points: Untrusted transcript data is fetched and loaded into the agent context in 'SKILL.md' and processed via 'scripts/extract-transcript.py'.
Boundary markers: There are no explicit delimiters or boundary markers implemented to separate the untrusted transcript content from the system instructions or to warn the agent to ignore embedded commands.
Capability inventory: The skill's capabilities are primarily limited to text extraction and summarization; it does not perform high-risk operations like arbitrary command execution on processed data or network exfiltration of sensitive local files.
Sanitization: No sanitization, filtering, or validation of the transcript text is performed before it is interpolated into the summarization prompt.
[EXTERNAL_DOWNLOADS]: The skill initiates the download and installation of the 'youtube-transcript-api' library from the Python Package Index (PyPI) during the setup phase.
Evidence: 'scripts/install-dependencies.sh' and 'SKILL.md' (Step 0) contain commands to run 'pip install youtube-transcript-api'. PyPI is a well-known and standard service for Python package management.
[COMMAND_EXECUTION]: The skill executes shell commands to check for the presence of dependencies and to install them if missing.
Evidence: The workflow in 'SKILL.md' and 'scripts/install-dependencies.sh' includes the use of shell commands like 'python3 -c' and 'pip install' to manage the environment.

youtube-summarizer