video-transcript-downloader

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill acts as a legitimate wrapper for well-known media utilities and does not exhibit any malicious patterns or safety guideline bypasses.
  • [COMMAND_EXECUTION]: The script uses child_process.spawn to execute yt-dlp and ffmpeg. This method is secure against shell injection vulnerabilities because it passes arguments as discrete elements in an array, preventing shell interpretation of metacharacters.
  • [EXTERNAL_DOWNLOADS]: The project depends on the youtube-transcript-plus package, a standard library for transcript fetching. It also provides instructions for users to install the necessary yt-dlp and ffmpeg binaries through official system package managers like Homebrew.
  • [DATA_EXFILTRATION]: The skill's file operations are restricted to intended functionalities, such as saving downloaded content to the user's specified folder (defaulting to ~/Downloads) and using temporary system directories for subtitle processing.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 15, 2026, 07:45 AM