using-youtube-download

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill includes an installation command that downloads an executable from https://github.com/yt-dlp/yt-dlp/releases/latest/download/yt-dlp (and references https://github.com/yt-dlp/yt-dlp), which fetches remote binary code that will be executed by the skill, so the URL is a runtime external dependency that executes remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes explicit sudo installation commands and a curl-to-/usr/local/bin pattern that require elevated privileges and modify system-level files, which asks the agent to change the machine state.