youtube-topic-researcher

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates a Python script at a temporary location (/tmp/_yt_topic_researcher_XXXX.py) and executes it via the shell. It also performs cleanup operations using the rm command to delete temporary files and data.
  • [EXTERNAL_DOWNLOADS]: The skill initiates the installation of the google-api-python-client package using pip3. This package is a well-known library provided by Google, though it is not pinned to a specific version in the instructions.
  • [PROMPT_INJECTION]: The skill retrieves and analyzes untrusted metadata (titles, descriptions, and tags) from YouTube videos, which serves as a potential vector for indirect prompt injection.
      • Ingestion points: Data fetched from the YouTube Data API is saved to a JSON file and subsequently read by the agent to generate research reports (Steps 7 and 8).
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat the retrieved YouTube metadata as untrusted or to ignore any instructions embedded within that data.
      • Capability inventory: The skill has the capability to execute shell commands, create and delete files, and make network requests through the generated Python script.
      • Sanitization: The Python script uses standard JSON serialization for output and employs regular expressions to sanitize topic names before using them in file system paths.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 30, 2026, 07:55 AM