The Agent Skills Directory

[PROMPT_INJECTION]: The skill processes transcript content fetched from YouTube, which acts as an untrusted external data source. This creates a surface for indirect prompt injection where malicious instructions embedded in video captions could influence the agent's behavior during summarization or analysis.
Ingestion points: External transcript data is fetched in scripts/fetch_transcript.py via the youtube_transcript_api library.
Boundary markers: The transcript is output under a Markdown header (## Transcript) but lacks explicit delimiters or instructions for the agent to disregard embedded commands.
Capability inventory: The skill has Bash execution capabilities for its own scripts and network access.
Sanitization: No sanitization, filtering, or instruction-stripping is performed on the transcript text before it is returned to the agent context.
[COMMAND_EXECUTION]: The skill uses the Bash tool to run its Python script via uv run. This is the intended primary functionality for dependency management and execution.
[EXTERNAL_DOWNLOADS]: The script performs network requests to YouTube's oEmbed API and official transcript services. These are well-known, legitimate services required for the skill's operation.

youtube-transcript