yt-dlp-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill's primary function is to construct and execute shell commands using the
yt-dlpCLI. It interpolates user-provided URLs directly into these commands, which presents a risk of command injection if the input is not strictly sanitized by the agent before execution. - [DATA_EXFILTRATION]: The instructions explicitly recommend using the
--cookies-from-browserflag for YouTube downloads. This command directs the tool to access and extract session cookies from the user's browser database (e.g., Chrome, Firefox). While intended for authentication to bypass 403 errors, this allows the agent to read highly sensitive local data that could be abused if the agent is compromised or malicious. - [EXTERNAL_DOWNLOADS]: The skill requires the installation of external dependencies
yt-dlpandffmpegvia package managers likepipandbrew. While these are well-known tools, they involve downloading and installing code from public registries at runtime. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection through its ingestion of external URLs.
- Ingestion points: Video URLs are passed into the agent from untrusted external sources or user input (SKILL.md).
- Boundary markers: Example commands use double quotes around URLs, providing minimal shell protection, but the instructions do not specify rigorous validation or "ignore embedded instructions" warnings.
- Capability inventory: The skill utilizes shell execution, network access, and file writing capabilities.
- Sanitization: No explicit sanitization or filtering of the URL content is performed beyond basic quoting in examples.
Audit Metadata