youtube-transcript-summarizer

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted YouTube transcripts and interpolates them directly into a prompt for the Claude API.
      • Ingestion points: Transcripts are fetched from YouTube via the youtube-transcript-api library in youtube_transcript_summarizer.py.
      • Boundary markers: None. The transcript text is appended directly to a string template without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill can perform file writes (open().write()) and execute the yt-dlp command via subprocess.
      • Sanitization: There is no sanitization or filtering performed on the transcript text before it is sent to the AI model.
  • [COMMAND_EXECUTION]: The script uses subprocess.run to call the yt-dlp utility for fetching video titles.
      • Evidence: The fetch_video_title method in youtube_transcript_summarizer.py executes ['yt-dlp', '--print', 'title', ...].
      • Mitigation: The video_id used in the command is validated using a strict regular expression [a-zA-Z0-9_-]+, which effectively prevents shell command injection.
  • [DATA_EXFILTRATION]: The skill transmits video transcript data to the external Anthropic API for summarization.
      • Evidence: The summarize_with_claude method in youtube_transcript_summarizer.py sends up to 15,000 characters of transcript text to the claude-sonnet model.
      • This behavior is consistent with the skill's stated purpose but involves sending data processed from an external source to a third-party service.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 02:49 PM