download-video
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill implements and encourages the use of the --cookies-from-browser flag in yt-dlp, which allows the agent to read sensitive session data and login cookies from the user's local browser profiles (Chrome, Firefox, Safari, Edge, etc.). This capability could be abused to harvest credentials or session tokens.
- [COMMAND_EXECUTION]: The script scripts/download.py uses subprocess.run to execute CLI commands. While it uses argument lists to mitigate shell injection, it passes user-supplied URLs and directory paths directly to the underlying yt-dlp process.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the third-party Python package bgutil-ytdlp-pot-provider from PyPI. This introduces a supply-chain risk, as the package is not from a verified or well-known service provider.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface.
  - Ingestion points: The skill fetches and processes data from over 1,000 external websites via yt-dlp extractors.
  - Boundary markers: There are no delimiters or instructions to ignore embedded malicious content in the fetched data.
  - Capability inventory: The skill has the ability to execute subprocesses, write to the file system, and access sensitive browser data.
  - Sanitization: The scripts/download.py script uses Python's subprocess list-based execution, which provides basic protection against shell-level injection, but does not sanitize the content of the data fetched from remote URLs.
Audit Metadata