video-download
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes external binaries
ffmpegandyt-dlpusingsubprocess.runto merge media streams and download videos. These calls use list-based arguments which is a secure practice to prevent shell injection. - [EXTERNAL_DOWNLOADS]: Instructions are provided to download and install dependencies from well-known mirrors and official repositories, including
playwright,yt-dlp, andffmpeg. - [COMMAND_EXECUTION]: The skill references a local installation script (
install_deps.sh) for automated environment setup. - [DATA_EXFILTRATION]: The Python script disables SSL certificate verification globally using
ssl._create_unverified_context(). While common in web scraping to bypass certificate errors, it reduces security against man-in-the-middle attacks during downloads.
Audit Metadata