Skills
skills/echoziness/agent-skills/simple-video-downloader/Gen Agent Trust Hub

simple-video-downloader

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates and executes shell commands using yt-dlp and ffprobe to download and verify media files.
  • [EXTERNAL_DOWNLOADS]: The skill references the official yt-dlp GitHub repository and PyPI package for user installation, which are trusted sources.
  • [PROMPT_INJECTION]: The skill processes untrusted external metadata from video platforms, creating a surface for indirect prompt injection. 1. Ingestion points: External video metadata (e.g., titles, descriptions) enters the context via the yt-dlp -j command. 2. Boundary markers: There are no explicit delimiters or warnings used when the agent processes this metadata. 3. Capability inventory: The skill performs local file system writes and executes shell commands via subprocesses. 4. Sanitization: The skill does not implement sanitization or validation for the metadata content.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 27, 2026, 01:50 PM