mk-youtube-transcript-summarize

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE; flagged categories: EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script _utility__download_jq.sh fetches the jq binary from the official jqlang/jq repository on GitHub. This is a well-known service and the repository is the standard source for this utility.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in SKILL.md. It ingests untrusted YouTube transcripts and processes them using LLM-based strategies (standard, sectioned, and chunked). While it uses partitioned tasks for longer content, it lacks explicit sanitization or strict boundary markers for the raw transcript text, which could contain embedded malicious instructions.
      • Ingestion points: Transcripts are read from file paths provided to summary.sh and then processed by the agent.
      • Boundary markers: Missing; the prompts do not use specific delimiters or instructions to ignore embedded commands within the transcript body.
      • Capability inventory: The skill uses the Task tool (for subagents), Read tool (to access transcript files), and Write tool (to save summaries).
      • Sanitization: None detected; the transcript content is directly interpolated into prompts for summarization.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 12:00 PM