youtube-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION] (MEDIUM): The file .security-scan-passed contains deceptive metadata claiming the skill has passed a security audit. This is a self-referential attempt to influence the analyzer's security verdict and bypass manual or automated review.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The setup guide at references/po-token-setup.md instructs users to install external, unverified third-party plugins (bgutil-ytdlp-pot-provider, yt-dlp-get-pot, yt-dlp-get-pot-rustypipe) via pip. These plugins execute in the same environment as yt-dlp and represent a supply chain risk.
- [COMMAND_EXECUTION] (LOW): scripts/download_video.py uses subprocess.run to call the yt-dlp binary. While it uses argument lists to mitigate shell injection, it executes system-level commands with user-supplied URLs.
- [DATA_EXFILTRATION] (LOW): The script allows arbitrary output directories through the -o flag. While intended for saving videos, it could potentially be used to write data to sensitive locations if misused by an agent.
  Evidence Chain (Category 8):
  1. Ingestion points: URL argument in scripts/download_video.py.
  2. Boundary markers: Absent.
  3. Capability inventory: Subprocess execution of yt-dlp.
  4. Sanitization: Absent; no validation that the URL doesn't contain command-line flags for yt-dlp.
Audit Metadata