youtube-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): In
scripts/download_video.py, the functioncheck_yt_dlpexecutespip installat runtime if the dependency is not found. This practice bypasses static analysis of dependencies and introduces a risk of Supply Chain Attack if the package registry is compromised. - [Command Execution] (MEDIUM): The skill relies heavily on
subprocess.runto execute external commands. While it avoids shell=True, it passes user-provided URLs and output paths directly to theyt-dlpbinary. A malicious user or an indirect prompt injection via a video URL could attempt to exploit flags in the underlying tool. - [Data Exposure] (LOW): The script allows the user to specify a custom output directory (
-o). Without path validation or sandboxing, this could be used to write files to unintended locations on the host filesystem. - [Indirect Prompt Injection] (LOW): The skill fetches video metadata (title, uploader) from an external source (YouTube) and prints it to the console. An attacker could name a video with malicious instructions that might influence the LLM's subsequent actions when it parses the tool output.
- Ingestion points:
get_video_infofetches JSON metadata from YouTube. - Boundary markers: None. Metadata is printed directly to stdout.
- Capability inventory: Subprocess execution of
yt-dlpandpip, local file writing. - Sanitization: None implemented for the metadata display.
Audit Metadata