youtube-analytics

Warn

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: MEDIUM | PROMPT_INJECTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill retrieves and processes untrusted data from the YouTube API, creating a surface for Indirect Prompt Injection attacks.
      • Ingestion points: getChannel (scripts/src/api/channels.ts), getVideo (scripts/src/api/videos.ts), and searchVideos (scripts/src/api/search.ts) fetch external content including descriptions and snippets.
      • Boundary markers: The data is stored in JSON format and presented to the agent without explicit boundary markers or instructions to ignore embedded commands.
      • Capability inventory: The skill possesses file-write capabilities (scripts/src/core/storage.ts) and network access via the googleapis client.
      • Sanitization: While filename sanitization is implemented, the textual content of the API responses is not sanitized before being saved or summarized.
  • [External Downloads] (LOW): The skill installs external dependencies from the npm registry during setup.
      • Evidence: scripts/package.json and scripts/setup.sh indicate the download and installation of external libraries.
      • Status: Downgraded to LOW per [TRUST-SCOPE-RULE] as the primary dependencies (e.g., googleapis) are from trusted organizations.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 02:13 PM