universal-media-downloader

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/download_media.py runs the yt-dlp command-line utility via Python's subprocess.run. Although it passes the command as an argument list (so no shell is involved and shell injection is prevented), it still invokes a powerful external tool with user-controlled inputs.
  • [REMOTE_CODE_EXECUTION]: The documentation in SKILL.md suggests using the --remote-components ejs:github flag to resolve YouTube challenges. This feature in yt-dlp downloads and executes external JavaScript code from remote GitHub repositories at runtime.
  • [CREDENTIALS_UNSAFE]: The skill provides the ability to ingest a cookies.txt file (Netscape format) via the --cookies parameter. These files frequently contain sensitive session tokens and plaintext authentication data for media platforms.
  • [INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect injection surface through the ingestion of external media metadata and page content during the download process.
    • Ingestion points: The url parameter in scripts/download_media.py is used to fetch content from the web.
    • Boundary markers: Absent. The skill does not provide markers telling the agent to ignore instructions embedded in media metadata or descriptions.
    • Capability inventory: The skill can execute subprocesses (yt-dlp) and write files to arbitrary local directories.
    • Sanitization: No sanitization or validation of the remote content is performed beyond what yt-dlp handles internally.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 25, 2026, 03:55 AM