video-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The command template nre [URL] --save-name [电影名称] performs direct string interpolation of user-supplied data into a shell environment. Evidence found in SKILL.md under the '命令模板' section. An attacker could provide a malicious name like 'video; touch /tmp/pwned; #' to execute arbitrary commands.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill directs users to download N_m3u8DL-RE from github.com/nilaoda/N_m3u8DL-RE. This repository owner is not in the predefined trusted organizations list, making the dependency unverifiable.
- [PROMPT_INJECTION] (HIGH): This finding pertains to Category 8 (Indirect Prompt Injection). 1. Ingestion points: User-provided URL and movie name strings. 2. Boundary markers: Absent in the command construction. 3. Capability inventory: Shell command execution on the host. 4. Sanitization: Absent; the skill relies on the agent's reasoning to handle special characters, which is an insufficient security control against adversarial input.
Recommendations
- AI detected serious security threats
Audit Metadata