The Agent Skills Directory

[COMMAND_EXECUTION]: The skill uses sudo apt update && sudo apt install -y yt-dlp to install system dependencies on Linux, which requires elevated administrative privileges.
[EXTERNAL_DOWNLOADS]: It attempts to download and install external software packages including yt-dlp and openai-whisper from public registries using pip, brew, or apt if they are not already installed.
[COMMAND_EXECUTION]: The skill executes various shell commands to extract video metadata, download media, and perform file system operations. It also runs a Python script via python3 -c using shell variables ($VTT_FILE, $VIDEO_TITLE) which are interpolated directly into the command string, potentially allowing for command breakage if filenames contain special characters.
[PROMPT_INJECTION]: The skill processes untrusted data from YouTube video transcripts, creating a surface for indirect prompt injection attacks where malicious instructions in a video's captions could influence the agent's behavior.
Ingestion points: Reads content from .vtt subtitle files downloaded from YouTube (file names like transcript_temp.en.vtt).
Boundary markers: None; the transcript text is processed and saved to a .txt file without using delimiters to separate the data from instructions.
Capability inventory: The skill has access to Bash, Read, and Write tools, providing a broad execution environment.
Sanitization: Performs basic regex-based cleaning to remove HTML-like tags and deduplicate lines, but does not sanitize for agent-specific injection patterns.

youtube-transcript