claude-video-download

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute yt-dlp commands with user-supplied arguments.
      • Evidence: Multiple instruction blocks in SKILL.md demonstrate executing commands like yt-dlp -F "URL" and yt-dlp -o "%(title)s.%(ext)s" "URL".
      • Risk: If the user provides a URL containing shell metacharacters (e.g., ;, &&, $()), it could lead to arbitrary command execution if the agent does not properly escape the input.
  • [EXTERNAL_DOWNLOADS]: The skill's primary purpose is to download media content from external servers.
      • Evidence: Explicitly supports downloads from YouTube, Vimeo, Twitter, TikTok, and other platforms using yt-dlp.
      • Context: This behavior is the stated primary purpose of the skill.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via the processing of untrusted URLs.
      • Ingestion points: The URL and PLAYLIST_URL parameters in SKILL.md act as entry points for untrusted data into the shell environment.
      • Boundary markers: While the examples use double quotes around the URL placeholder, this does not prevent all forms of command substitution in a shell context.
      • Capability inventory: The skill is granted Bash tool access, which can be misused if input is injected into commands.
      • Sanitization: There are no explicit instructions for the agent to validate or sanitize the URL format or content before passing it to the Bash tool.
Audit Metadata
Risk Level: SAFE
Analyzed: May 15, 2026, 02:55 PM
Security Audit — agent-trust-hub — claude-video-download