bilibili-downloader
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE] (SAFE): The skill consists only of a documentation file (SKILL.md). The actual implementation script mentioned (
scripts/bili_dl.cjs) is missing from the provided files, preventing a full behavioral analysis of the execution logic. - [COMMAND_EXECUTION] (SAFE): The documentation defines a command-line interface for downloading videos. While the tool is designed to execute a local script, no evidence of dangerous command injection or shell escapes was found in the documentation.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses an attack surface for indirect prompt injection as it processes external URLs.
- Ingestion points:
video_urlargument. - Boundary markers: None specified in the documentation.
- Capability inventory: Likely involves network requests and file-system writes (per the description).
- Sanitization: Verification of URL/BV number format is mentioned as an error check, which provides a basic layer of input validation.
Audit Metadata