buda-youtube-to-script

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard shell commands to manage a persistent working directory, run media processing scripts, and use established CLI utilities like ffmpeg.
  • [EXTERNAL_DOWNLOADS]: It implements a self-healing mechanism that automatically installs the yt-dlp package from the official Python Package Index (PyPI) if it is missing from the environment.
  • [SAFE]: The skill utilizes the --cookies-from-browser feature of yt-dlp to navigate video platform restrictions, which is standard and expected functionality for this utility.
  • [SAFE]: Although the skill processes external video content (transcripts), which is a common surface for indirect prompt injection, the instructions are focused on structured rewriting and do not provide a path for the ingested data to influence command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 04:43 AM
Security Audit — agent-trust-hub — buda-youtube-to-script