youtube-downloader
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill is designed to automatically install the 'yt-dlp' package if it is not found on the system. Dynamic installation of dependencies at runtime is a security risk as it bypasses static environment checks and can be used to pull malicious code if the package registry is compromised.
- PROMPT_INJECTION (LOW): Surface for Indirect Prompt Injection.
  - Ingestion points: YouTube URLs provided by the user as arguments to the scripts/download_video.py script.
  - Boundary markers: Absent. There is no evidence of input validation, delimiters, or 'ignore embedded instructions' warnings for the external URL input.
  - Capability inventory: The script performs network requests to download content, writes files to the /mnt/user-data/outputs/ directory, and executes shell commands.
  - Sanitization: Absent. The documentation does not describe any sanitization of the URL or the resulting video metadata (e.g., titles) used in filenames.
- COMMAND_EXECUTION (LOW): The skill documentation instructs the agent to execute a local Python script (scripts/download_video.py) to perform its primary function.
Audit Metadata