Youtube Editor
Pass
Audited by VirusTotal on May 14, 2026.
Findings (1)
The skill is classified as suspicious due to a local HTML injection (XSS) vulnerability in `scripts/process_video.py`. The `avatar_path` argument, which can be user-controlled, is directly embedded into an `<img>` tag's `src` attribute within an HTML template without proper HTML escaping. This could allow a malicious user to inject arbitrary JavaScript into the locally rendered HTML, which is then processed by Playwright. While the skill demonstrates good security practices like YouTube URL validation and safe subprocess execution for other features, this specific input sanitization oversight presents a vulnerability.
