yt-dlp-downloader
Audited by Socket on Feb 19, 2026
1 alert found:
Malware [Skill Scanner] Installation of third-party script detected

All findings:
[CRITICAL] command_injection: Installation of third-party script detected (SC006) [AITech 9.1.4]

Functionally legitimate for downloading and extracting media via yt-dlp/ffmpeg. Primary security concerns are operational: (1) Overbroad permission request ('all') should be narrowed to network and limited filesystem access; (2) Default recommendation to always use --cookies-from-browser chrome unnecessarily exposes sensitive browser cookies—cookies access must be requested only when needed and with explicit consent; (3) Constructing shell command strings from user input without shown sanitization risks command injection—use argument lists or safe APIs and validate/escape all user-supplied inputs. No direct evidence of obfuscated or malicious payloads, no hardcoded secrets, and no external exfiltration endpoints present in the provided material. Recommend reducing default cookie usage, removing broad 'all' permission, and demonstrating secure command execution patterns.

LLM verification: Functionally, the skill matches its purpose and uses standard tools (yt-dlp, ffmpeg). There are no direct signs of obfuscated or explicitly malicious code in the provided instruction file.
However, it recommends high-risk behaviors: automatic access to browser cookies for YouTube, unpinned dependency installs, and executing shell commands with excessive 'all' permissions. These create credible vectors for credential exposure and command-injection/exfiltration if the agent or execution environmen