The Agent Skills Directory

[COMMAND_EXECUTION]: The skill utilizes string interpolation to build shell commands, such as yt-dlp "ytsearch${COUNT}:${QUERY}", which can be exploited for shell injection if the input variables are not properly escaped by the agent.
[EXTERNAL_DOWNLOADS]: The skill instructions include a prerequisite step to install the yt-dlp tool using uv. While yt-dlp is a well-known tool for YouTube data extraction, this involves downloading external code.
[PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it retrieves and interprets video metadata (titles, descriptions) from YouTube. 1. Ingestion points: Video metadata fetched via yt-dlp search. 2. Boundary markers: Absent; no instructions are provided to the agent to distinguish between data and commands within the metadata. 3. Capability inventory: Access to shell execution for utilities like yt-dlp, jq, and date. 4. Sanitization: Metadata is truncated for display, but no validation is performed to neutralize potential malicious instructions.

youtube-search