youtube-videos

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/download_channel_videos.py executes the yt-dlp and ffmpeg command-line tools using subprocess.run. Findings indicate that arguments are passed as a list rather than a single string, which is a best practice that mitigates command injection risks.
  • [EXTERNAL_DOWNLOADS]: The skill downloads video and audio streams from YouTube. These downloads are performed by yt-dlp, which is the industry standard tool for this task. No suspicious third-party scripts or executable code are downloaded.
  • [SAFE]: The script includes functionality to use browser cookies via the --cookies-from-browser flag. While this involves access to sensitive local data, it is a documented and standard feature of the underlying yt-dlp tool, used here to facilitate access to public content that might be age-gated.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 01:40 AM