youtube-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands that interpolate user-provided URLs and video titles (e.g., `yt-dlp --print "%(title)s" "$VIDEO_URL"`). Insufficient sanitization of these variables can lead to command injection if a malicious URL is provided.
- [COMMAND_EXECUTION]: The skill attempts to acquire root privileges using `sudo apt update && sudo apt install -y yt-dlp` to install dependencies, which is a high-risk privilege escalation attempt.
- [REMOTE_CODE_EXECUTION]: The skill automatically installs external software (yt-dlp) via `pip`, `brew`, or `apt` without explicit user confirmation, which could result in the execution of untrusted code from remote package registries.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection as it processes untrusted YouTube transcripts.
  - Ingestion points: External YouTube transcripts are fetched using yt-dlp and written to local files.
  - Boundary markers: Absent; there are no delimiters separating external transcript content from agent instructions during processing.
  - Capability inventory: Subprocess execution (bash), file system write access, and dynamic Python execution.
  - Sanitization: Content is modified via regex for formatting and filler removal, but no safety sanitization is performed to detect or neutralize embedded instructions.
- [COMMAND_EXECUTION]: Python scripts are executed using heredocs with shell variable interpolation (e.g., `$OUTPUT_DIR/${VIDEO_TITLE}.md`), which can lead to command or code injection within the script logic if the variables contain control characters.
Recommendations
- AI detected serious security threats
Audit Metadata