The Agent Skills Directory

[Indirect Prompt Injection] (HIGH): Vulnerable surface detected for Indirect Prompt Injection. 1. Ingestion points: The VIDEO_URL provided by the user and metadata retrieved from external sites. 2. Boundary markers: Absent; user input is directly interpolated into shell command templates. 3. Capability inventory: Subprocess execution via shell, network access, and file system write access. 4. Sanitization: Absent; there is no logic to escape or validate the URL before execution. An attacker could use a URL like https://example.com"; rm -rf ~; # to execute arbitrary commands.
[Data Exposure & Exfiltration] (HIGH): The skill recommends using the --cookies-from-browser flag. This command allows the agent to extract sensitive authentication tokens (session cookies) from the user's local browser database. Combined with the network permission, this allows for the exfiltration of private account credentials to external sources.
[Unverifiable Dependencies & Remote Code Execution] (LOW): The skill relies on external binaries yt-dlp and ffmpeg and suggests runtime installation via pip and brew. While these are trusted sources, providing instructions for the agent to install software at runtime is a risk-increasing practice.

yt-dlp-downloader