bbdown-cli
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The skill documentation describes installing the BBDown utility via the
.NETglobal tool registry (dotnet tool install --global BBDown). This is a standard and verifiable installation path for this utility. - COMMAND_EXECUTION (SAFE): The commands provided in the skill are standard operations for video downloading, stream selection, and muxing. They do not involve suspicious shell piping, obfuscation, or arbitrary code execution.
- CREDENTIALS_UNSAFE (SAFE): The skill appropriately handles sensitive data like
SESSDATAand access tokens by using descriptive placeholders (e.g.,...) instead of hardcoded secrets. - INDIRECT_PROMPT_INJECTION (SAFE): While the tool processes external URLs (ingestion point), which is a theoretical surface for indirect injection via video metadata, the risk is negligible as the tool's output is primarily media files and metadata for local storage, not automated agent decision-making.
Audit Metadata