video-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The instructions rely on direct execution of yt-dlp with externally provided URLs. If the agent does not properly sanitize these inputs before interpolation into a shell command, it creates a direct vector for command injection.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill recommends runtime package installation via pip and tool self-updates using 'yt-dlp -U'. Executing code updates from remote sources during runtime increases the risk of supply chain attacks.
- [PROMPT_INJECTION] (HIGH): This skill is vulnerable to Indirect Prompt Injection.
  1. Ingestion points: Video URLs and metadata (such as titles) fetched from external sites.
  2. Boundary markers: Absent from the command templates.
  3. Capability inventory: Subprocess execution and file system write access via yt-dlp.
  4. Sanitization: Absent.
  An attacker could host a video with a title containing shell metacharacters (e.g., using backticks or semicolons) which, when processed by the agent to generate a filename via the -o flag, could lead to arbitrary command execution on the host system.
Recommendations
- AI detected serious security threats
Audit Metadata