yt-dlp
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation section provides instructions to download a standalone binary from an external GitHub repository (github.com/yt-dlp/yt-dlp) and use 'chmod +x' to make it executable, allowing for the execution of unverified external code.
- [EXTERNAL_DOWNLOADS]: The skill initiates downloads of the yt-dlp binary, the yt-dlp Python package via pip, and system-level packages like ffmpeg from external sources.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands including system package managers (apt, brew), file permission modifiers (chmod), and the media downloader tool (yt-dlp) with various flags.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: The agent processes untrusted metadata such as video titles, descriptions, and comments through commands like '--dump-json' and '--print'. 2. Boundary markers: No delimiters or explicit instructions to ignore embedded commands are included in the prompt templates. 3. Capability inventory: The skill has the capability to execute shell commands and perform file operations. 4. Sanitization: There is no evidence of sanitization or validation of the ingested external data before it is handled by the agent.
Audit Metadata