youtube-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The script `scripts/download_video.py` contains logic to automatically install the `yt-dlp` package via `pip install` if it is not already present on the system. Installing third-party packages at runtime without version pinning or integrity checks (such as hashes) is a security risk, as it could lead to the execution of malicious code if the package is compromised on the registry.
- Indirect Prompt Injection (LOW): The skill is susceptible to indirect prompt injection because it fetches and displays video metadata (such as titles and uploader names) from YouTube, which are attacker-controlled strings.
  1. Ingestion points: the `get_video_info` function in `scripts/download_video.py` uses `yt-dlp` to fetch JSON metadata from a provided URL.
  2. Boundary markers: no delimiters or warnings are used when displaying the fetched metadata.
  3. Capability inventory: the skill can execute command-line tools and write files to the output directory.
  4. Sanitization: the metadata is printed to the console without any escaping or sanitization.
- Command Execution (LOW): The skill uses the `subprocess` module to execute `yt-dlp`. While it avoids using `shell=True` and passes arguments as a list, it still facilitates the execution of external binaries with user-controlled input (the URL).
Audit Metadata