youtube-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill documentation states that it 'automatically installs yt-dlp if not present'. This runtime installation of external software from unverified sources poses a supply chain risk.
- COMMAND_EXECUTION (MEDIUM): The skill operates by executing a local Python script (scripts/download_video.py) to interact with the system and perform downloads, though the script source is not provided for audit.
- DATA_EXFILTRATION (LOW): The skill provides a custom output directory flag (-o) which allows the agent to write files to arbitrary paths on the filesystem.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection via the URL input. Evidence Chain: 1. Ingestion points: The URL parameter passed to the download script; 2. Boundary markers: No delimiters or sanitization instructions mentioned; 3. Capability inventory: The skill has file-write and network download capabilities; 4. Sanitization: No sanitization of the input URL or generated filename is documented.
Audit Metadata