Skills
skills/sarfraznawaz2005/agent-skills-collection/youtube-downloader/Gen Agent Trust Hub

youtube-downloader

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's Python script automatically downloads and installs the yt-dlp package from PyPI at runtime using pip install if it is not already present on the system.
  • Evidence: subprocess.run([sys.executable, "-m", "pip", "install", "--break-system-packages", "yt-dlp"], check=True) in scripts/download_video.py.
  • [COMMAND_EXECUTION]: The skill uses the subprocess.run function to execute system commands, including the installation of software and the execution of the downloaded yt-dlp tool with user-supplied arguments (URL and output path).
  • Evidence: Multiple subprocess.run calls in scripts/download_video.py to check, install, and run yt-dlp.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 09:20 PM