ytdlp-ops

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill includes a version verification script that fetches release information from the official yt-dlp GitHub repository. This is a standard security practice to ensure the environment is running patched and current software.
  • [COMMAND_EXECUTION]: The skill defines and executes shell commands for media processing. It includes a diagnostic bash script for checking version drift and performing smoke tests against known-safe external resources.
  • [CREDENTIALS_UNSAFE]: Guidance is provided for managing browser cookies for authentication. The skill emphasizes security best practices, such as restricted file permissions (chmod 600) and the use of throwaway accounts for automated tasks to minimize exposure risks.
  • [PROMPT_INJECTION]: The documentation identifies the attack surface for indirect prompt injection via untrusted media metadata (e.g., video titles). It provides specific mitigation strategies, including the use of sanitization flags and byte-level truncation in filename templates.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 06:11 PM
Security Audit — agent-trust-hub — ytdlp-ops