yt-dlp-skill
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- NO_CODE (SAFE): The analyzed files contain only Markdown documentation and repository metadata. No executable code, shell scripts, or binary files are included in the skill package.
- INDIRECT_PROMPT_INJECTION (INFO): The skill lists external GitHub issue titles and descriptions, which constitutes an ingestion point for untrusted data. However, the risk is negligible because the skill provides no tools, functions, or execution capabilities that could be influenced by malicious content. (1) Ingestion points: references/issues.md. (2) Boundary markers: Absent. (3) Capability inventory: None. (4) Sanitization: Absent.
Audit Metadata