youtube-download
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHDATA_EXFILTRATIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Data Exposure & Exfiltration (HIGH): The skill is designed to automatically scrape browser cookie databases to bypass YouTube's anti-bot protections.
- Evidence found in
README.mdandTROUBLESHOOTING.mddescribes 'Smart Cookie Management' and 'Automatic Extraction' from Chrome, Firefox, Edge, and Safari. - This behavior allows the agent to access the user's active session tokens and potentially other sensitive data stored in the browser's profile directory.
- External Downloads (MEDIUM): The
install_as_skill.shscript downloads and installs several Python packages from PyPI (yt-dlp,pysrt,python-dotenv). - Since the source repository (
lxmxhh/cc-skill-youtube-download) is not on the trusted list, these third-party dependencies are considered unverifiable. - Command Execution (MEDIUM): The installation script
install_as_skill.shexecutes potentially dangerous shell commands including recursive directory removal (rm -rf) and directory creation within the user's home path (~/.claude/skills/). - Indirect Prompt Injection (LOW): The skill processes untrusted input from YouTube, such as video URLs and potentially metadata (titles, descriptions).
- Ingestion points: YouTube URL processing and metadata extraction (inferred from output format in
README.md). - Boundary markers: None detected in the provided documentation or scripts.
- Capability inventory: The skill uses
yt-dlpwhich can execute subprocesses for merging video/audio files via FFmpeg. - Sanitization: No evidence of sanitizing external content before displaying it to the user or agent.
Recommendations
- AI detected serious security threats
Audit Metadata