Social Downloader

The skill provides functionality to download and transcribe social media videos using yt-dlp and OpenAI's API. However, it contains a shell injection vulnerability in `scripts/download_best.sh` where the `$URL` parameter is passed directly to a shell command without sanitization. Additionally, `scripts/download_transcribe.py` accesses the user's `OPENAI_API_KEY` to exfiltrate audio data to OpenAI's transcription endpoint; while this aligns with the stated purpose, the use of a non-standard model name ('gpt-4o-mini-transcribe') and manual multipart request construction warrants caution.