Skills
skills/lijigang/ljg-skills/ljg-x-download/Gen Agent Trust Hub

ljg-x-download

Fail

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands like curl and yt-dlp with placeholders for user-provided URLs. This creates a direct command injection surface where a malicious URL (e.g., containing backticks or semicolons) could execute unauthorized code on the system.
  • [CREDENTIALS_UNSAFE]: The execution logic includes instructions to use the --cookies-from-browser flag. This grants the agent access to the user's local browser database, including sensitive session tokens and authentication cookies, which is a significant privilege escalation and privacy concern.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to fetch content from external network sources (x.com, twitter.com, and redirected URLs) using curl and yt-dlp based on unvalidated user input.
  • [INDIRECT_PROMPT_INJECTION]: The skill has a high-risk capability surface that ingests untrusted data from the web.
  • Ingestion points: Data is fetched via yt-dlp --dump-json from attacker-controllable Twitter metadata.
  • Boundary markers: None identified in the prompt templates or command construction.
  • Capability inventory: The skill has shell access via curl, yt-dlp, and ls on the local file system.
  • Sanitization: There is no explicit sanitization logic described for the URL input or the metadata returned by external tools.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 22, 2026, 07:59 AM