video-transcript-downloader

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/vtd.js file implements a passthrough mechanism using the -- argument. This feature forwards all subsequent arguments directly to the yt-dlp subprocess execution.
  • Evidence: The parseArgs function captures arguments after -- into opts.extra, which are then spread into the spawn arguments for yt-dlp in various command functions.
  • Risk: A malicious actor or a manipulated agent could include flags like --exec <command>, which is a native yt-dlp feature that executes arbitrary shell commands after a download completes.
  • [PROMPT_INJECTION]: The primary purpose of the skill is to fetch video transcripts and subtitles from external sources and present them as a clean paragraph to the agent.
  • Ingestion points: scripts/vtd.js uses youtube-transcript-plus and yt-dlp to fetch remote content.
  • Capability inventory: The skill has file-system write access and the ability to execute subprocesses.
  • Risk: This creates an indirect prompt injection surface where instructions hidden within video subtitles (attacker-controlled external data) are ingested into the agent's context and could influence its subsequent actions.
  • [EXTERNAL_DOWNLOADS]: The skill depends on external Node.js packages and requires the presence of third-party binaries on the host system.
  • Evidence: package.json includes youtube-transcript-plus. SKILL.md instructs the user to install yt-dlp and ffmpeg via Homebrew.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 07:22 AM
Security Audit — agent-trust-hub — video-transcript-downloader