yt-dlp-direct

Warn

Audited by Snyk on Jun 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

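  • Third-party content exposure detected (high risk: 0.75). The skill's core execution path invokes yt-dlp directly on a user-supplied URL or keyword (e.g. yt-dlp --simulate/--dump-single-json/-F), and at run time yt-dlp fetches pages and metadata from external sites and emits them as readable text into the LLM context (the indirect prompt injection risk comes from "public web page content / text returned by the site").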

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 13, 2026, 09:35 AM
Issues: 1