The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses dynamic context injection (the !command syntax) in SKILL.md to perform environment checks during skill loading. Specifically, it executes which yt-dlp and a Python import test for duckduckgo_search. These commands are benign and used solely to verify the execution environment.
[COMMAND_EXECUTION]: The skill relies on yt-dlp and python3 to perform video searches and parse the resulting JSON data. These operations are core to the skill's functionality and do not involve unauthorized file access or data exfiltration.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it takes user-supplied search queries from $ARGUMENTS and interpolates them directly into shell commands for yt-dlp and python3.
Ingestion points: User input is received via the <query> argument in the $ARGUMENTS string.
Boundary markers: No delimiters or explicit instructions to ignore embedded commands are present in the command templates.
Capability inventory: The skill utilizes Bash(yt-dlp *) and Bash(python3 *) to execute web-connected searches and local data processing.
Sanitization: The instructions do not specify any sanitization or escaping for the user-provided query before it is passed to the shell.

iopho-searching-videos