youtube-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The file scripts/download_video.py contains a check_yt_dlp function that automatically installs the yt-dlp package via pip if it is not found on the system. This dynamic installation of unpinned dependencies at runtime is a security risk: it bypasses static analysis and could allow the execution of malicious code if the package is compromised or substituted.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from YouTube (video metadata such as titles and descriptions) through the get_video_info function. This data is then printed and processed, creating a surface for indirect prompt injection where an attacker could influence the agent's behavior via video metadata.
  - Ingestion points: scripts/download_video.py (via yt-dlp --dump-json)
  - Boundary markers: Absent; metadata is printed directly to the console.
  - Capability inventory: File system write access and subprocess command execution in scripts/download_video.py.
  - Sanitization: The script uses list-based subprocess.run calls, which prevent direct shell command injection but do not sanitize the content of the metadata itself.
- [Command Execution] (LOW): The script executes external commands using subprocess.run. While it correctly uses list-based arguments to prevent shell injection, it still relies on external utilities and user-provided URLs to perform its primary function.
Audit Metadata