Skills
skills/moosegoose0701/skill-compose/media-downloader/Gen Agent Trust Hub

media-downloader

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION] (MEDIUM): The scripts/download.py file uses subprocess.run to call the yt-dlp binary. While arguments are passed as a list to prevent shell injection, the underlying tool has extensive permissions to interact with the network and file system.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The SKILL.md file encourages the use of yt-dlp -U. This command triggers a self-update process that downloads and executes code from remote servers at runtime, which is an unverified external download.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The skill documentation and the scripts/download.py wrapper support the --cookies-from-browser feature. This allows the tool to read sensitive session cookies from user browser profiles (e.g., Chrome, Firefox) to access restricted content, which could be exploited to expose user credentials.
  • [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection as it ingests untrusted URLs.
  • Ingestion points: url argument in scripts/download.py.
  • Boundary markers: Absent; the URL is passed directly to the command line.
  • Capability inventory: File writing, network access, and subprocess execution via yt-dlp.
  • Sanitization: Uses list-based subprocess.run calls to prevent shell-level injection, but does not sanitize the content of the URL or potential metadata returned by the downloader.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 18, 2026, 03:14 PM