The Agent Skills Directory

[COMMAND_EXECUTION]: The skill generates a temporary Python script in the /tmp directory and executes it using python3. It also utilizes pip3 to install required dependencies.
[EXTERNAL_DOWNLOADS]: Installs the google-api-python-client library from PyPI. This is a legitimate and trusted package provided by Google for API interaction.
[PROMPT_INJECTION]: The skill contains an indirect prompt injection surface. Ingestion points: Untrusted data including video titles, tags, and descriptions are fetched from the YouTube Data API and stored in title_tag_data.json. Boundary markers: Absent; the instructions in SKILL.md for Step 8 (report generation) do not include specific delimiters or instructions to the agent to disregard potential commands found within the analyzed metadata. Capability inventory: The agent is capable of file writing (os.makedirs, open) and command execution (python3, pip3, rm) as described in SKILL.md. Sanitization: The user-provided keyword is sanitized for use in directory names, but the content retrieved from the YouTube API is not sanitized or filtered for instructions before being read by the agent.

youtube-title-tag-optimizer