youtube-summarizer

Warn

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's bash instructions interpolate user-provided URL strings directly into shell commands. Specifically, in Step 1, the variable USER_PROVIDED_URL is used within an echo command and piped to grep and sed. If a user provides a URL containing shell metacharacters (e.g., ;, &, or $()), it could lead to arbitrary command execution within the agent's shell environment.
  • [EXTERNAL_DOWNLOADS]: The skill relies on the third-party Python library youtube-transcript-api. It explicitly instructs the agent to install this package via pip if it is missing, which introduces an external dependency into the runtime environment.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8).
      • Ingestion points: The skill fetches transcripts from external YouTube videos which are then processed by the LLM (SKILL.md).
      • Boundary markers: There are no instructions or delimiters provided to help the agent distinguish between its own system instructions and potentially malicious instructions embedded within the video transcript.
      • Capability inventory: The agent has the ability to execute shell commands and install software packages, increasing the potential impact of a successful injection.
      • Sanitization: The skill lacks any sanitization or filtering logic for the transcript text before passing it to the model for summarization.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 1, 2026, 10:40 PM