The Agent Skills Directory

[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It processes untrusted data from YouTube transcripts and vision-extracted on-screen text to build a knowledge base and update its operational instructions in SKILL.md files.
Ingestion points: Untrusted data enters the agent context via the Supadata API and video metadata descriptions, as seen in SKILL.md and references/supadata.md.
Boundary markers: The skill lacks explicit delimiters or instructions to ignore potential malicious prompts embedded within the processed video content.
Capability inventory: The agent has the ability to write files to the local file system, modify its own SKILL.md instruction files, execute the install-skills.sh script, and perform git operations as described in references/skill-upgrade-protocol.md.
Sanitization: There is no evidence of sanitization, escaping, or validation of the extracted prompts or techniques before they are proposed for inclusion in a skill update.
[COMMAND_EXECUTION]: The workflow relies on several shell commands, including curl for interacting with external APIs, git for maintaining the skill repository, and a local installation script (./install-skills.sh) to synchronize changes to the agent environment.
[EXTERNAL_DOWNLOADS]: The skill performs network operations to api.supadata.ai to retrieve video data. Additionally, it is instructed to use web_fetch to download resources found in video descriptions, which may involve connecting to various untrusted third-party domains.

laniameda-youtube-digest