youtube
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Data Exposure & Exfiltration (HIGH): The skill instructions require the user to move sensitive Google OAuth 2.0 credentials to a specific local path at `~/.config/youtube-skill/credentials.json`. Storing secrets in predictable local paths increases the risk of exfiltration by other malicious processes or scripts.
- Data Exposure & Exfiltration (MEDIUM): The skill provides tools to access private user information, including subscriptions, liked videos, and channel statistics, which could be exfiltrated if the script or the environment is compromised.
- External Downloads (LOW): The skill requires the installation of external binaries `uv` and `yt-dlp` via Homebrew. While these are widely used tools, they remain external dependencies required for functionality.
- Command Execution (LOW): The skill frequently executes a local script (`youtube.py`) using the `uv run` command. This represents a local code execution surface.
- Indirect Prompt Injection (LOW): The skill ingests untrusted text data from YouTube video transcripts and user comments, which are vectors for indirect prompt injection.
  * Ingestion points: Video transcripts and comment threads retrieved via the script.
  * Boundary markers: No explicit delimiters or instructions to ignore embedded commands are documented in the skill logic.
  * Capability inventory: Subprocess execution and network communication via the YouTube API.
  * Sanitization: There is no evidence that the retrieved external content is sanitized or filtered before being processed by the agent.
Recommendations
- AI detected serious security threats
Audit Metadata