youtube-videos
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/download_channel_videos.py executes the yt-dlp and ffmpeg command-line tools using subprocess.run. Findings indicate that arguments are passed as a list rather than a single string, which is a best practice that mitigates command injection risks.
- [EXTERNAL_DOWNLOADS]: The skill downloads video and audio streams from YouTube. These downloads are performed by yt-dlp, which is the industry standard tool for this task. No suspicious third-party scripts or executable code are downloaded.
- [SAFE]: The script includes functionality to use browser cookies via the --cookies-from-browser flag. While this involves access to sensitive local data, it is a documented and standard feature of the underlying yt-dlp tool, used here to facilitate access to public content that might be age-gated.
Audit Metadata