download-anything

Warn

Audited by Gen Agent Trust Hub on Feb 22, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • CREDENTIALS_UNSAFE (MEDIUM): The script scripts/dl-video.sh utilizes the yt-dlp --cookies-from-browser flag. This grants the tool access to the user's private browser session cookies (Chrome, Firefox, Edge) to authenticate with restricted sites like Bilibili. This exposes sensitive login credentials and session data to the script and the target servers.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill's reference files (references/video.md, references/ebooks.md, references/cloud-search.md) provide links to a wide array of unverified and high-risk third-party domains, including shadow libraries (Anna's Archive, Z-Library), torrent sites (1337x, Nyaa), and Chinese cloud drive search engines. These sites are frequent vectors for malware and phishing.
  • COMMAND_EXECUTION (MEDIUM): The scripts/install-toolkit.sh script executes system-level installation commands using sudo apt-get and sudo dnf. Additionally, scripts/dl-gallery.sh passes arbitrary arguments ($@) directly to the gallery-dl binary, which can lead to unexpected tool behavior if the agent processes untrusted input strings.
  • DATA_EXFILTRATION (LOW): The skill is designed to transmit sensitive local session data (browser cookies) to external domains to facilitate media downloads, effectively exfiltrating authentication tokens.
  • REMOTE_CODE_EXECUTION (LOW): The scripts/install-toolkit.sh script downloads and installs multiple third-party packages from public registries (npm, PyPI, Homebrew). While standard for a toolkit, this introduces risk if dependencies are compromised or if the user is directed to untrusted mirrors.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill exhibits an attack surface for indirect prompt injection (Category 8).
      • Ingestion points: Data enters the agent context via external URLs, search query results from Google Dorks, and metadata from yt-dlp -j calls.
      • Boundary markers: No explicit boundary markers or safety instructions are used to delimit external content retrieved from websites.
      • Capability inventory: The skill has extensive capabilities including network downloads (aria2c, yt-dlp, curl), file system writes, and execution of shell scripts.
      • Sanitization: There is no evidence of sanitization or filtering of data retrieved from external resource sites before it is processed or displayed.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 22, 2026, 07:59 AM