yt-dlp
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The installation guide in 'wiki/Installation.md' provides commands to download executable binaries directly from GitHub via curl, wget, and aria2c. Because the 'yt-dlp' GitHub organization is not on the specific Trusted GitHub Organizations list provided in the security skill, these downloads are classified as high-risk.
  - Evidence: 'curl -L https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp -o ~/.local/bin/yt-dlp' in 'wiki/Installation.md'.
- REMOTE_CODE_EXECUTION (HIGH): The skill documentation describes features that involve fetching and executing remote code, specifically the 'yt-dlp -U' self-update command and the manual installation of binaries that are subsequently marked as executable via 'chmod'.
  - Evidence: 'chmod a+rx ~/.local/bin/yt-dlp' and 'yt-dlp -U' in 'wiki/Installation.md'.
- COMMAND_EXECUTION (MEDIUM): The skill includes numerous instructions for executing system commands with administrative privileges using 'sudo' and 'doas' for package management and repository configuration.
  - Evidence: 'sudo add-apt-repository ppa:tomtomtom/yt-dlp' and 'sudo pacman -Syu yt-dlp' in 'wiki/Installation.md'.
- PROMPT_INJECTION (LOW): The skill is designed to ingest data (titles, descriptions, and subtitles) from thousands of external websites. The documentation in 'SKILL.md' suggests a workflow where this untrusted content is piped into an LLM for summarization or article generation, creating a risk for indirect prompt injection.
  - Ingestion points: Video metadata and subtitles fetched from remote URLs ('SKILL.md', 'wiki/Extractors.md').
  - Boundary markers: No delimiters or instruction-ignore warnings are present in the processing examples.
  - Capability inventory: The skill utilizes 'yt-dlp' to download files and suggests piping output to an 'llm' tool ('SKILL.md').
  - Sanitization: No sanitization or validation of the fetched text content is described before it is processed by the LLM.
Recommendations
- AI detected serious security threats
Audit Metadata