Skills
skills/davepoon/buildwithclaude/video-downloader/Gen Agent Trust Hub

video-downloader

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script uses subprocess.run to execute yt-dlp, pip, and python (for environment setup). These calls use list-based arguments without a shell, which is a secure practice to prevent command injection from user-provided URLs or paths.
  • [EXTERNAL_DOWNLOADS]: The skill is designed to automatically download the yt-dlp package from the official Python Package Index (PyPI) if it is missing. This dependency management is used to support the skill's primary functionality.
  • [DATA_EXFILTRATION]: The skill provides functionality to save files to a local output directory (/mnt/user-data/outputs/). It implements URL validation that restricts downloads to authorized YouTube domains and requires HTTPS, preventing its use for arbitrary network requests.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 07:51 AM
Security Audit — agent-trust-hub — video-downloader