watch-cli-video-agent

Fail

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill's installation instructions recommend a high-risk method where a script from an untrusted GitHub repository is piped directly into a shell. This allows the remote script to execute arbitrary commands with the user's privileges without prior inspection. Evidence: curl -fsSL https://raw.githubusercontent.com/sonpiaz/watch-cli/main/install.sh | bash in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill fetches code and dependencies from the sonpiaz/watch-cli repository on GitHub, which is not an established or trusted vendor organization. Evidence: References to github.com/sonpiaz/watch-cli in SKILL.md.
  • [DATA_EXFILTRATION]: The skill encourages the use of sensitive browser cookie files (~/cookies.txt) to bypass authentication on social media platforms. Accessing and providing these cookies to local or remote tools poses a significant risk of credential exposure if the data is mishandled. Evidence: Instructions for using the --cookies flag in the Configuration and Troubleshooting sections of SKILL.md.
  • [COMMAND_EXECUTION]: The skill invokes several external command-line utilities (yt-dlp, ffmpeg, jq) via shell commands, which increases the attack surface if user-provided URLs or metadata are not strictly validated. Evidence: Orchestration logic described in the watch and dl-video command sections.
  • [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by processing external video transcripts and visual frames as untrusted input. Ingestion points: Video content and metadata processed by the watch, transcribe, and audio-q commands. Boundary markers: Absent; the agent is not instructed to isolate or ignore instructions embedded within the extracted transcripts or frame data. Capability inventory: The agent has access to shell execution (curl, bash), file system writes, and network access for API interactions. Sanitization: Absent; the skill does not validate or sanitize content before it is processed by the AI models.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/sonpiaz/watch-cli/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: May 17, 2026, 07:59 PM