The Agent Skills Directory

[COMMAND_EXECUTION]: The skill instructs the agent to execute a shell command python3 channel_research_pipeline.py --channel "@channelhandle" where @channelhandle is provided by the user. This pattern is vulnerable to command injection if the input is not properly sanitized.
[CREDENTIALS_UNSAFE]: The documentation explicitly points to local file paths containing sensitive API credentials, specifically 02_SEO_Research/config/api_credentials.json (YouTube Data API) and 06_Tools_APIs/cloudflare_r2/config/r2_config.json (Cloudflare R2 credentials). Accessing these files exposes secrets to the agent context.

youtube-channel-breakdown