Skills
skills/nirholas/xactions/video-downloading/Gen Agent Trust Hub

video-downloading

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The documentation references external script files including src/videoDownloaderBrowser.js, scripts/videoDownloader.js, and api/routes/video.js that are not included in the provided skill files.
  • [SAFE]: No prompt injections, hardcoded credentials, or obfuscated patterns were identified within the SKILL.md documentation.
  • [PROMPT_INJECTION]: The skill processes untrusted content from X/Twitter URLs, which constitutes a potential surface for indirect prompt injection. 1. Ingestion points: X/Twitter post URLs and batch lists of URLs in SKILL.md. 2. Boundary markers: No delimiters or ignore instructions are specified for external content. 3. Capability inventory: Commands are described for fetching metadata and downloading media files via a browser or API. 4. Sanitization: The documentation does not describe any validation or escaping of external data.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 01:43 PM