video-subtitle-dl
Warn
Audited by Gen Agent Trust Hub on Mar 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill's implementation in
scripts/fetch-subs.shand the guidance inSKILL.mdenable the passing of arbitrary 'extra options' to theyt-dlpcommand-line utility. This pattern is risky because a malicious user could potentially inject dangerous flags like--exec, which would result in the execution of arbitrary shell commands once a download completes.- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests and processes untrusted subtitle data from external video platforms. - Ingestion points: Subtitle files are downloaded from the internet via
scripts/fetch-subs.shand then read by the agent for translation. - Boundary markers: The
references/translation-guide.mdfile contains instructions to maintain timecodes and focus solely on text, which serves as a delimiter for the agent's task. - Capability inventory: The skill has the ability to execute shell commands (
yt-dlp) and write files to the local file system. - Sanitization: The skill does not perform any programmatic sanitization of the downloaded subtitle content before processing it.- [EXTERNAL_DOWNLOADS]: The skill relies on the external tool
yt-dlpand provides instructions for its installation via standard package managers. This is a common requirement for such skills, and the tool itself is from a well-known and widely used project.
Audit Metadata