youtube-downloader
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script scripts/download_video.py automatically installs the yt-dlp package using pip at runtime if it is not detected. This bypasses standard environment management and introduces a dependency on external package registries during execution.
- [COMMAND_EXECUTION]: The skill makes extensive use of the subprocess module to execute yt-dlp commands. While it uses argument lists to mitigate shell injection, it passes unvalidated external URLs and user-defined output paths directly to the system command.
- [COMMAND_EXECUTION]: The -o or --output parameter allows an operator or a malicious prompt to specify arbitrary filesystem paths. If the agent has sufficient permissions, this could be used to write files to sensitive directories outside of the intended /mnt/user-data/outputs/ path.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). It fetches untrusted metadata (such as video titles) from YouTube via yt-dlp --dump-json and subsequently prints this data to the terminal and uses it to construct filenames.
  - Ingestion points: Video metadata is fetched from external YouTube URLs in scripts/download_video.py via get_video_info.
  - Boundary markers: No delimiters or instructions are used to separate the external metadata from the agent's logic.
  - Capability inventory: The script has the capability to write files to the disk and execute system commands via subprocess.run.
  - Sanitization: The script relies on yt-dlp's internal filename sanitization but does not sanitize the metadata before printing it to the standard output, which could influence the agent's next steps.
Audit Metadata