advanced-video-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill documentation in `docs/README.md` and `references/supported_platforms.md` explicitly instructs the use of the `--cookies-from-browser` flag. This flag causes `yt-dlp` to read sensitive authentication cookies from the user's browser profile, exposing them to the skill's environment and the AI agent.
- [DATA_EXFILTRATION] (MEDIUM): The script `scripts/transcribe_siliconflow.py` transmits local audio and video files to an external API endpoint (https://api.siliconflow.cn/v1/audio/transcriptions) for processing. Users should be aware that their media is being sent to a third-party service.
- [COMMAND_EXECUTION] (MEDIUM): The skill is built around executing complex shell commands with `yt-dlp`. This provides a significant attack surface for interacting with the local file system and browser data through the tool's interface.
- [EXTERNAL_DOWNLOADS] (LOW): The documentation recommends downloading and installing external binaries like `yt-dlp` and `ffmpeg` from external sources. These are trusted tools in this domain, but remain external dependencies.
- [PROMPT_INJECTION] (LOW): The transcription workflow creates an indirect prompt injection surface where untrusted data from the transcription API is written into Markdown files without sanitization.
  - Ingestion points: API transcription result in `scripts/transcribe_siliconflow.py`.
  - Boundary markers: absent in the generated Markdown.
  - Capability inventory: subprocess execution via `yt-dlp`.
  - Sanitization: none; external API text is directly interpolated into the output.
Recommendations
- AI detected serious security threats
Audit Metadata