music
Pass
Audited by Gen Agent Trust Hub on May 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with system utilities such as `yt-dlp` and `mpv` to search for and play music. These interactions are performed via `child_process.spawnSync` and `child_process.spawn` using argument arrays rather than raw shell strings, which effectively prevents shell command injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill fetches audio metadata and streams from YouTube using `yt-dlp`. As YouTube is a well-known and expected service for this utility's purpose, this does not pose a security risk. The skill also provides safe instructions for users to install necessary dependencies via official system package managers (`apt`, `brew`, `winget`).
- [SAFE]: The skill demonstrates safe handling of external data by escaping Markdown special characters before displaying search results from YouTube metadata to the agent. This reduces the risk of indirect prompt injection or display-based attacks.
Audit Metadata