yt-dlp-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): Shell command injection vulnerability in
scripts/download.sh. The script captures arbitrary user-supplied arguments in$EXTRA_ARGSand executes them unquoted within a bash shell. This allows for the execution of arbitrary commands or the use of dangerousyt-dlpflags like--exec. - [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8). * Ingestion points: The skill ingests untrusted metadata (titles, descriptions) from external URLs via
yt-dlp. * Boundary markers: None present in the prompt instructions or script. * Capability inventory: Shell execution (yt-dlp) and file system write access (~/Downloads). * Sanitization: No sanitization is performed on the data retrieved from external sources before it is returned to the agent's context. - [EXTERNAL_DOWNLOADS] (MEDIUM): Relies on the
yt-dlpexternal utility and performs network requests to thousands of third-party domains to fetch media content.
Recommendations
- AI detected serious security threats
Audit Metadata