universal-media-downloader

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/download_media.py uses subprocess.run to execute yt-dlp. The command is constructed using a list of arguments, which is a secure practice that prevents shell injection. This execution is central to the skill's primary function of downloading media.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests using the requests library in scripts/download_douyin_note.py and via yt-dlp in scripts/download_media.py. These operations are used to fetch media metadata and content from legitimate video and podcast platforms as described in the skill's purpose.
  • [DATA_EXFILTRATION]: No evidence of data exfiltration was found. Network operations are strictly limited to the domains required for media discovery and download. No sensitive local files are accessed or transmitted.
  • [PROMPT_INJECTION]: The instructions in SKILL.md are focused on functional guidance and do not contain patterns typical of prompt injection or safety bypass attempts. The skill explicitly includes a 'compliance hint' advising users to only download content they have the right to save.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 25, 2026, 09:11 AM