video-download

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external binaries ffmpeg and yt-dlp using subprocess.run to merge media streams and download videos. These calls use list-based arguments which is a secure practice to prevent shell injection.
  • [EXTERNAL_DOWNLOADS]: Instructions are provided to download and install dependencies from well-known mirrors and official repositories, including playwright, yt-dlp, and ffmpeg.
  • [COMMAND_EXECUTION]: The skill references a local installation script (install_deps.sh) for automated environment setup.
  • [DATA_EXFILTRATION]: The Python script disables SSL certificate verification globally using ssl._create_unverified_context(). While common in web scraping to bypass certificate errors, it reduces security against man-in-the-middle attacks during downloads.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:33 AM
Security Audit — agent-trust-hub — video-download