video-downloader

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [Data Exposure & Exfiltration] (HIGH): The skill documentation and the scripts/download.py wrapper facilitate the use of the --cookies-from-browser flag. This allows the tool to access sensitive session cookies from the user's web browsers (e.g., Chrome, Firefox, Safari), posing a severe risk of session hijacking and unauthorized access to private data stored in the user's browser.
  • [Indirect Prompt Injection] (HIGH): The skill processes untrusted URLs from external sources and passes them directly to system commands without sanitization, creating a significant attack surface.
      • Ingestion points: The url parameter in scripts/download.py and the various command examples in SKILL.md.
      • Boundary markers: No markers or delimiters are present to distinguish the untrusted URL from agent instructions.
      • Capability inventory: The skill uses subprocess.run to execute yt-dlp and has permissions to write files to the local file system.
      • Sanitization: No validation or sanitization of the input URL is performed before it is interpolated into the command list.
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The documentation in references/platform-tips.md recommends installing a third-party plugin (bgutil-ytdlp-pot-provider) from an unverified source to bypass platform restrictions, which could lead to the execution of malicious code if the package is compromised.
  • [Dynamic Execution] (MEDIUM): The Python script dynamically constructs and executes system commands via subprocess.run based on variable inputs such as output paths and browser cookie sources. While it avoids the shell, it still allows the agent to control execution parameters using external or user-provided data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 04:57 AM