youtube-download

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): The skill explicitly instructs the agent to use the --cookies-from-browser chrome flag. This action attempts to extract sensitive session cookies and authentication tokens from the user's local Chrome browser, which can lead to unauthorized account access.
  • [COMMAND_EXECUTION] (HIGH): The skill builds shell commands by interpolating variables like $VIDEO_URL and OUTPUT_PATH directly into string templates. Without strict sanitization, this is highly vulnerable to command injection via shell metacharacters (e.g., ;, |, `).
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill relies on uvx to download and execute the yt-dlp package from PyPI at runtime. This introduces a supply chain risk as the agent executes unverified code downloaded from a public registry.
  • [REMOTE_CODE_EXECUTION] (HIGH): The combination of processing untrusted external URLs and constructing shell commands provides a vector for Remote Code Execution.
  • [INDIRECT_PROMPT_INJECTION] (HIGH): Mandatory Evidence Chain: (1) Ingestion points: The $VIDEO_URL and the JSON metadata returned by yt-dlp -j (e.g., video titles). (2) Boundary markers: Absent. (3) Capability inventory: Shell execution via uvx and directory listing via ls. (4) Sanitization: Absent. Malicious metadata in a video could potentially influence the agent's subsequent commands.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 01:37 AM