video-download
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the
yt-dlpandffmpegCLI tools to perform media downloads and processing.\n- [EXTERNAL_DOWNLOADS]: The skill facilitates the downloading of media content (video, audio, and subtitles) from external websites using theyt-dlputility.\n- [PROMPT_INJECTION]: The skill processes untrusted user-provided URLs, creating an indirect prompt injection surface.\n - Ingestion points: User URLs are inserted into command templates in
SKILL.md.\n - Boundary markers: URL placeholders are wrapped in double quotes to prevent simple shell injection.\n
- Capability inventory: The skill uses CLI execution and file writing capabilities.\n
- Sanitization: The skill does not define specific sanitization or validation rules for input URLs.
Audit Metadata