baoyu-youtube-transcript

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.spawnSync to execute yt-dlp (or compatible alternatives like uvx or python3 -m yt_dlp) when direct API access is blocked by anti-bot measures. Command arguments, including the YouTube video ID, are sanitized using a strict regular expression ([a-zA-Z0-9_-]{11}) to prevent command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The script fetches transcripts and metadata from YouTube's official domains. It uses the yt-dlp flag --remote-components ejs:github, a standard feature of the tool that dynamically fetches updated extraction logic from its official repository to maintain compatibility with YouTube's backend changes.
  • [PROMPT_INJECTION]: The skill processes untrusted external data in the form of YouTube transcripts. It provides a prompt template for an AI sub-agent to perform speaker identification. This process is protected by explicit instructions to maintain transcription fidelity and avoid executing or translating embedded text, mitigating the risk of indirect prompt injection.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 05:27 PM