youtube-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from YouTube transcripts and metadata via scripts/main.py. The absence of boundary markers or sanitization, combined with instructions for the agent to analyze this external data and the skill's ability to execute shell commands, creates a high-severity surface where instructions hidden in video content could override agent logic.
- [Command Execution] (MEDIUM): Shell commands are constructed to run scripts/main.py. Without the source code for this script, it is impossible to verify if parameters like URLs or video titles are properly sanitized, which could allow command injection if the script passes these strings unsafely to the underlying yt-dlp process.
- [External Downloads] (LOW): The skill requires the installation of yt-dlp and click from public registries. While these are common packages, they are utilized by an untrusted author without version pinning or integrity hashes, representing a standard supply-chain risk.
Recommendations
- AI detected serious security threats
Audit Metadata