iopho-getting-videos

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing external CLI tools such as yt-dlp, ffmpeg, BBDown, lux, and you-get via the Bash environment. This is the primary functional purpose of the skill.
  • [REMOTE_CODE_EXECUTION]: The skill uses python3 -c to execute inline Python scripts. These scripts interpolate variables like $URL and $AUDIO_FILE using single quotes (e.g., '$URL'). This pattern creates a code injection surface where a crafted input string containing single quotes could execute arbitrary code within the Python process.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface. It ingests untrusted data from external websites (subtitles, metadata, transcripts) which are then processed by the agent. If this content contains adversarial instructions, it could influence the agent's behavior.
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing dependencies from well-known sources, including PyPI (yt-dlp, youtube-transcript-api, faster-whisper), Homebrew (ffmpeg), and GitHub (github.com/iawia002/lux). These tools are established in the media downloading domain.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 07:29 PM