skills/timbroddin/skills/research-yt/Gen Agent Trust Hub

research-yt

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFE (categories: COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes several external CLI tools, including yt-dlp, ffmpeg, whisper, and pandoc, through Python's subprocess.run and agent-led shell instructions. The Python implementations in scripts/check_deps.py, scripts/fetch_transcripts.py, scripts/list_channel.py, and scripts/render_pdf.py correctly pass arguments as lists (e.g., subprocess.run(['tool', 'arg1', ...])), which prevents shell injection vulnerabilities.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because the agent is instructed to read and synthesize content from external YouTube transcripts during Step 5. Maliciously crafted subtitles could attempt to influence the agent's synthesis logic or behavior.
    • Ingestion points: Transcripts are fetched from YouTube by scripts/fetch_transcripts.py and stored as Markdown files in the .research-yt/ workspace.
    • Boundary markers: The instructions do not explicitly require the use of delimiters or 'ignore' instructions when the agent reads the retrieved transcript files.
    • Capability inventory: The skill has file system access, network access (via yt-dlp), and command execution capabilities (via scripts).
    • Sanitization: The parse_vtt function in scripts/fetch_transcripts.py strips timecodes and HTML-like tags from transcripts but does not filter the natural language content for malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 4, 2026, 12:07 PM