download-anything
Warn
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script 'scripts/install-toolkit.sh' uses 'sudo' to install system-level packages via apt and dnf, which allows for privilege escalation on the host system.
- [DATA_EXFILTRATION]: The 'scripts/dl-video.sh' script utilizes the '--cookies-from-browser' feature of yt-dlp to read sensitive authentication cookies from Chrome, Firefox, and Edge browser profiles.
- [EXTERNAL_DOWNLOADS]: The 'scripts/install-toolkit.sh' script automates the retrieval and installation of various external software packages from Homebrew, PyPI, and NPM registries.
- [COMMAND_EXECUTION]: Multiple scripts in the 'scripts/' directory pass externally provided URL arguments to CLI tools such as yt-dlp, aria2c, and gallery-dl; those arguments can be manipulated.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its ingestion of untrusted external content.
  - Ingestion points: 'scripts/dl-video.sh', 'scripts/dl-file.sh', and other download scripts process user-provided URLs and remote site metadata.
  - Boundary markers: Absent; URLs and site data are processed directly without delimiters or instruction isolation.
  - Capability inventory: The skill has extensive network and file-writing capabilities via tools like curl, wget, and yt-dlp.
  - Sanitization: No input validation or sanitization of remote data is performed before command execution.