youtube-to-mp4
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using
yt-dlp,ffmpeg, andffprobe. These commands process user-supplied URLs and external video data. While the instructions include safety measures such as single quoting URLs and using the--restrict-filenamesflag, the reliance on shell execution for external data processing is a noted capability. Additionally, the skill suggests using the--cookies-from-browserflag, which allows access to sensitive browser data for age-restricted content. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it fetches untrusted metadata (such as video titles and playlist names) from YouTube and presents it to the agent's context during the reporting phase.
- Ingestion points: Video and playlist metadata retrieved from YouTube via
yt-dlp(SKILL.md Step 7). - Boundary markers: No explicit delimiters are specified to isolate untrusted metadata when the agent reports results.
- Capability inventory: The skill possesses network access (via
yt-dlp), file system write/delete capabilities, and shell command execution. - Sanitization: The skill recommends
--restrict-filenamesfor shell safety but does not implement sanitization to prevent metadata content from being interpreted as instructions by the agent. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of external binaries (
yt-dlpandffmpeg) and provides instructions for installing them via the Homebrew package manager.
Audit Metadata