media-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [Privilege Escalation] (HIGH): The instructions in SKILL.md direct the agent to modify the user's ~/.zshrc file to persist API keys. Modifying shell profiles is a high-risk persistence and privilege escalation mechanism.
- [Data Exposure] (HIGH): The skill encourages the export and processing of browser cookies via convert_cookies.py and verify_cookies.py to bypass YouTube security measures. These cookies contain session tokens that could lead to full account compromise if exfiltrated.
- [External Downloads] (MEDIUM): The installation process fetches code from an untrusted GitHub repository (yizhiyanhua-ai/media-downloader.git) and installs multiple third-party binaries like yt-dlp and ffmpeg.
- [Command Execution] (MEDIUM): The skill frequently executes system commands using subprocess.run, specifically in verify_cookies.py to call yt-dlp with cookie arguments.
- [Prompt Injection] (HIGH): The skill is vulnerable to indirect injection. Evidence:
  1. Ingestion points: User-provided descriptions and YouTube URLs.
  2. Boundary markers: Absent in scripts and prompts.
  3. Capability inventory: subprocess.run calls to yt-dlp, ffmpeg, and local python scripts.
  4. Sanitization: No evidence of input sanitization for command-line arguments.
Recommendations
- AI detected serious security threats