skills/eat-pray-ai/yutu/yutu-video/Gen Agent Trust Hub

yutu-video

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE (COMMAND_EXECUTION, DATA_EXFILTRATION)

Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to construct and execute shell commands using the yutu CLI utility. It maps user intentions to specific subcommands like video insert, video delete, and video update, passing user-provided arguments directly to the command flags.
  • [DATA_EXFILTRATION]: The insert and update operations include flags (--file, --thumbnail) that allow the agent to read files from the local filesystem. This capability could be exploited if an attacker influences the agent to 'upload' sensitive files (such as configuration files or SSH keys) to a YouTube channel.
  • [PROMPT_INJECTION]: The skill instructions in SKILL.md include a directive to 'Always use this skill when the user mentions video... even if they don't explicitly ask for video management.' While intended for functional persistence, such broad triggers can be leveraged to steer agent behavior unexpectedly.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses a significant attack surface for indirect injection as it retrieves data from an external, untrusted source (YouTube) via list and getRating operations. Maliciously crafted video titles or descriptions could influence the agent's next steps, especially since the skill also has destructive capabilities like delete.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 11, 2026, 06:42 AM