youtube-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [Unverifiable Dependencies] (MEDIUM): The script
scripts/download_video.pyautomatically installsyt-dlpusingpip install --break-system-packagesat runtime. This introduces a dependency on an external package registry (PyPI) without version pinning or integrity verification. - Evidence:
scripts/download_video.pyline 21. - [Command Execution / Argument Injection] (HIGH): The
urlparameter provided by the user is passed directly tosubprocess.runas an argument toyt-dlp. Since the input is not validated to be a legitimate URL, an attacker could provide strings starting with dashes (e.g.,--exec 'cat /etc/passwd') to inject arbitrary flags into theyt-dlpcommand, leading to remote code execution. - Evidence:
scripts/download_video.pyline 77. - [Indirect Prompt Injection] (HIGH): The skill processes untrusted external metadata (YouTube video titles) and uses them to construct file system paths. This creates an attack surface where a maliciously titled video could influence the agent's file operations.
- Ingestion points: Metadata is fetched via
yt-dlp --dump-jsoninscripts/download_video.pyline 27. - Boundary markers: None. The title is interpolated directly into the output template.
- Capability inventory: File system writes (line 74) and subprocess execution (line 92).
- Sanitization: Absent. The script relies on
yt-dlp's internal handling of the%(title)stemplate variable, which may be insufficient to prevent all forms of path manipulation in the context of the agent's broader file system permissions.
Recommendations
- AI detected serious security threats
Audit Metadata