yt-dlp
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill facilitates the execution of
yt-dlpandffmpegcommands to download and process media files. The provided workflow and reference documents correctly demonstrate using quotes around user-provided arguments to prevent shell-based injection attacks. - [EXTERNAL_DOWNLOADS]: The skill includes helper scripts (e.g.,
check-ffmpeg.ps1,check-ffmpeg.sh) that suggest installing package managers like Scoop, Chocolatey, and Homebrew. These instructions involve downloading setup scripts from well-known official domains, which is standard procedure for these services. - [DATA_EXFILTRATION]: No unauthorized data transmission patterns were detected. The skill handles user-provided URLs and optional cookies locally to download media content to the user's local file system.
- [PROMPT_INJECTION]: The skill's instructions and metadata are strictly functional and focused on media downloading. No override markers, bypass attempts, or instructions to ignore system guidelines were found.
Audit Metadata