video-downloader
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runinscripts/download_video.pyto executeyt-dlp. Commands are passed as lists of arguments, which prevents shell-based command injection attacks. - [EXTERNAL_DOWNLOADS]: The script
scripts/download_video.pyautomatically installs theyt-dlppackage from PyPI using pip if it is not found on the system.yt-dlpis a standard, widely-used tool for this purpose. - [PROMPT_INJECTION]: The skill processes untrusted data from YouTube (video metadata) which could be used for indirect prompt injection.
- Ingestion points: Metadata is ingested through
yt-dlp --dump-jsonand parsed inscripts/download_video.py. - Boundary markers: None are present to separate untrusted metadata from instructions when displaying video information.
- Capability inventory: The skill has file system access (writing to
/mnt/user-data/outputs/) and subprocess execution capabilities. - Sanitization: There is no sanitization of video titles or uploader information before it is processed or printed.
Audit Metadata