youtube-playlist

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • Persistence Mechanisms (HIGH): The documentation explicitly states that the setup process saves the API key to the user's shell profile and agent config. Modifying startup files like ~/.bashrc, ~/.zshrc, or ~/.profile is a high-severity finding as it is a standard persistence technique used to maintain access or execute code during shell initialization.
  • Command Execution (MEDIUM): The authentication workflow requires running a local script ./scripts/tapi-auth.js via Node.js. Since the script content is not provided for review but is executed with user-provided parameters (email, tokens, OTP), it represents a risk of arbitrary command execution if the script is malicious or does not properly sanitize those parameters.
  • Indirect Prompt Injection (LOW): The skill processes untrusted data from YouTube (video titles, channel handles, and full transcripts) which can be controlled by third-party attackers.
      • Ingestion points: API responses from transcriptapi.com including results[].title, playlist_info.description, and transcript text content.
      • Boundary markers: Absent. The data is retrieved via curl and passed directly to the agent context without delimiters.
      • Capability inventory: The skill has the ability to execute local Node.js scripts and perform network operations via curl.
      • Sanitization: Absent. There is no evidence of filtering or validation for the content of the transcripts or video metadata before it is presented to the LLM.
  • External Downloads (LOW): The skill uses curl to interact with transcriptapi.com. Per the [TRUST-SCOPE-RULE], this domain is not on the trusted list, and while expected for this skill's functionality, it remains an untrusted external interaction.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:09 PM