youtube-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill instructs the agent to execute shell commands using user-provided input (e.g.,
python scripts/download_video.py "USER_URL"). This pattern is vulnerable to command injection if the agent or the underlying script does not rigorously sanitize the URL string against shell metacharacters like;,&,|, or backticks. - [EXTERNAL_DOWNLOADS] (LOW): The skill relies on external packages including
yt-dlpfrom PyPI andffmpegfrom system repositories. While these are trusted sources, the skill requires the agent to perform software installations at runtime. - [PRIVILEGE_ESCALATION] (MEDIUM): Integration instructions suggest running
apt-get install ffmpeg, which typically requires root or sudo privileges. Granting an agent the ability to run package managers with elevated permissions is a significant security risk. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests data from untrusted external sources (video metadata, titles, and descriptions from 1000+ websites). If the agent later processes this metadata to summarize the video or present it to the user, it could be susceptible to instructions hidden within the video metadata.
- Ingestion points: User-provided URLs and remote video metadata fetched by yt-dlp.
- Boundary markers: The documentation uses double quotes for URLs in shell commands, but no explicit sanitization or instructions to ignore embedded commands are provided.
- Capability inventory: Shell command execution, file system writes (output directory), and network access (video streaming).
- Sanitization: None explicitly mentioned in the documentation for handling metadata retrieved from external sites.
Audit Metadata