bilibili-downloader
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external binaries `yt-dlp` and `ffmpeg` via the `subprocess.run` method. It correctly uses argument lists rather than shell strings, preventing potential command injection vulnerabilities.
- [EXTERNAL_DOWNLOADS]: The skill fetches media content from Bilibili's servers. Additionally, the `demucs` library may download pre-trained weights for its AI models from official, well-known repositories (Meta/GitHub) during the first run of the vocal separation feature.
- [DATA_EXPOSURE]: The script interacts with the local file system to save downloaded media, defaulting to a folder on the user's desktop. It also supports passing browser identifiers to `yt-dlp` for cookie extraction, which is a standard procedure for accessing authenticated or high-definition content from the platform.
Audit Metadata