youtube-catchup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is highly vulnerable to instructions embedded in external YouTube data.
  - Ingestion points: Untrusted transcripts and titles are fetched from YouTube and passed to subagents for processing.
  - Boundary markers: The subagent prompt template does not use delimiters or explicit instructions to ignore potential injection content within the transcript.
  - Capability inventory: Subagents are granted access to Bash, Write, and Task tools, which increases the impact of a successful injection.
  - Sanitization: No sanitization of external transcript content is mentioned before it is processed by the AI.
- [Dynamic Execution] (LOW): The skill constructs shell commands by interpolating variables that originate from external data.
  - Evidence: SKILL.md specifies commands like 'grep -rl' and 'python3 youtube_helper.py' that use unvalidated variables like {video_id}.
  - Risk: Direct interpolation into shell contexts without strict validation is a common vulnerability surface, although the risk is limited by the expected alphanumeric format of YouTube IDs.
- [Unverifiable Dependencies] (LOW): The skill requires the installation of the 'yt-dlp' package via pip.
  - Mitigation: yt-dlp is a trusted and common tool, but any external dependency introduction should be monitored for supply chain security.
Audit Metadata