video-downloader
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of markdown documentation and metadata. No executable scripts (.py, .js, .sh), configuration files, or binaries are present in the provided files.
- [PROMPT_INJECTION]: The skill is designed to ingest external data from URLs (video titles and descriptions). This creates a surface for indirect prompt injection. 1. Ingestion points: Video URLs and metadata fetched from platforms like YouTube as described in SKILL.md. 2. Boundary markers: None are specified in the provided prompt examples. 3. Capability inventory: The skill implies file-writing capabilities to the user's ~/Downloads/ directory. 4. Sanitization: No sanitization or validation of the fetched metadata is mentioned. This is a characteristic of the skill's intended use case rather than a malicious finding.
Audit Metadata