video-downloader
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONNO_CODE
Full Analysis
- [Prompt Injection] (HIGH): The skill documentation reveals a high-risk surface for indirect prompt injection by processing untrusted metadata from external platforms.
- Ingestion points: Metadata from user-provided video URLs (e.g., YouTube titles and descriptions) is ingested into the agent context.
- Boundary markers: No delimiters or ignore-instructions warnings are described in the usage or implementation notes.
- Capability inventory: The skill performs filesystem write operations (saving to ~/Downloads/), which can be dangerous if the agent is manipulated by external content.
- Sanitization: No sanitization logic for external metadata is mentioned.
- [No Code] (MEDIUM): The submission lacks functional code, scripts, or dependency manifests. The actual implementation cannot be verified for hidden malicious behavior or insecure library usage.
- [External Downloads] (LOW): The core functionality relies on fetching data from non-whitelisted external domains.
- [Command Execution] (LOW): The described features (quality selection, format conversion) typically require the execution of external CLI tools such as yt-dlp or ffmpeg, which introduces a potential vector for command injection if not properly sanitized.
Recommendations
- AI detected serious security threats
Audit Metadata