video-downloader
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [No Code] (SAFE): The file 'SKILL.md' contains metadata and descriptive text only. There are no shell scripts, Python/Node.js code blocks, or configuration files that execute logic.
- [Indirect Prompt Injection Surface] (LOW): While no implementation code is present, the skill's described purpose (processing video metadata from external platforms) represents a potential ingestion point for untrusted data.
- Ingestion points: Video metadata (title, description) fetched from external platform URLs specified by the user.
- Boundary markers: None mentioned in the documentation; instructions suggest direct interpolation of metadata into the file system.
- Capability inventory: The skill describes file-write operations (saving videos, thumbnails, and metadata to '~/Downloads/').
- Sanitization: None described. Any future implementation should ensure metadata is sanitized before being used in file names or agent reasoning.
Audit Metadata