youtube-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill performs automatic runtime installation of the 'yt-dlp' package from PyPI if the binary is not found on the host system.\n
- Evidence: The
check_yt_dlpfunction inscripts/download_video.pyexecutespip install --break-system-packages yt-dlp. While PyPI is a standard registry, runtime installation of external code without version pinning or integrity checks is a security risk.\n- COMMAND_EXECUTION (SAFE): The script usessubprocess.runwith a list of arguments for all external calls, which follows security best practices to prevent shell injection.\n- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted metadata (titles, uploader names) from YouTube and reflects it into the agent's output.\n - Ingestion points: Video metadata fetched via
yt-dlp --dump-jsoninscripts/download_video.py.\n - Boundary markers: Absent; the script prints metadata directly to the console without delimiters.\n
- Capability inventory: The skill can execute subprocesses (yt-dlp) and write files to
/mnt/user-data/outputs/.\n - Sanitization: Absent; the script relies on the external tool's default behavior for filename safety.
Audit Metadata