youtube-research

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of external CLI tools through Python's subprocess.run function.
      • Affected files include scripts/check_deps.py, scripts/fetch_transcripts.py, scripts/list_channel.py, and scripts/render_pdf.py.
      • It executes yt-dlp for metadata and media retrieval, various whisper implementations for transcription, and pandoc or xelatex for document rendering.
      • The implementation is generally safe as it uses list-based arguments rather than shell strings, mitigating common command injection vectors.
  • [INDIRECT_PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing untrusted data from the internet.
      • Ingestion points: Video descriptions are ingested in scripts/list_channel.py and saved to index.json. Video transcripts are ingested in scripts/fetch_transcripts.py and saved to transcript.md.
      • Boundary markers: The prompt instructions in SKILL.md do not define clear delimiters or "ignore embedded instructions" warnings for the LLM when reading these files.
      • Capability inventory: The agent has the capability to execute shell commands (via the provided scripts) and write files to the local directory.
      • Sanitization: Inputs used for file paths are passed through a slugify function to prevent path traversal; however, the actual text content of the transcripts and descriptions is not sanitized for malicious LLM instructions.
  • [EXTERNAL_DOWNLOADS]: The skill downloads media and metadata from YouTube's infrastructure via yt-dlp and fetches transcription models for Whisper. These are legitimate operations for the skill's stated purpose and target well-known services.
  • [DATA_EXFILTRATION]: While the skill communicates with YouTube to fetch data, there is no evidence of sensitive local data being transmitted to external servers. All fetched data is stored in a local hidden workspace (./.youtube-research/).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 4, 2026, 12:34 PM