video-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): The skill contains explicit instructions to install Homebrew by fetching a script from the internet and piping it directly into bash (
/bin/bash -c "$(curl -fsSL ...)"). This allows for unauthenticated arbitrary code execution from a remote, non-trusted source. - Unverifiable Dependencies (HIGH): The instructions require the agent to automatically install
yt-dlpandffmpegviabrew installwithout seeking user confirmation. This bypasses typical security boundaries and introduces software of unknown integrity into the host system. - Indirect Prompt Injection (HIGH):
- Ingestion points: The skill processes arbitrary URLs provided by users which point to external web content (YouTube, Twitter, Bilibili, etc.) in
SKILL.md. - Boundary markers: No delimiters or boundary markers are used when interpolating user-provided URLs into shell commands.
- Capability inventory: The skill uses
yt-dlpwhich executes shell processes, interacts with the local file system, and performs network requests. - Sanitization: There is no evidence of input validation or sanitization to prevent shell metacharacter injection or exploitation of
yt-dlpmetadata parsing vulnerabilities. - Command Execution (MEDIUM): The skill includes automated logic to modify the system state (installing packages, checking versions) every time it is used, which increases the attack surface for local privilege escalation.
Recommendations
- AI detected serious security threats
Audit Metadata