video-downloader
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWNO_CODE
Full Analysis
- [NO_CODE] (LOW): The skill file (SKILL.md) is purely descriptive markdown. It lacks any Python, Node.js, or shell scripts to execute the described tasks such as video downloading or quality processing.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill describes a workflow that ingests untrusted external data (video URLs and metadata). Evidence: 1. Ingestion points: Video URLs and external metadata in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Stated capability to write files to ~/Downloads/. 4. Sanitization: None described. While no implementation exists here, this ingestion of external data represents a potential attack surface if functional code were added without proper boundaries.
Audit Metadata