video-frames
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The script `scripts/frame.sh` constructs `ffmpeg` commands using unvalidated input variables `$time` and `$index`.
  - Evidence: In `scripts/frame.sh`, the `${index}` variable is interpolated directly into the `-vf` (video filter) argument: `"select=eq(n\\,${index})"`. If an agent populates this parameter with unvalidated user input, an attacker could inject additional ffmpeg filters (e.g., using a value like `0),drawtext=...`) to manipulate output or potentially exploit tool-specific vulnerabilities.
- [PROMPT_INJECTION] (MEDIUM): The skill is susceptible to Indirect Prompt Injection (Category 8) due to its processing of untrusted external data.
  - Ingestion points: The script `scripts/frame.sh` ingests external video files provided via the `<video-file>` argument.
  - Boundary markers: None. The script does not use delimiters or instructions to prevent the agent from being influenced by data found within the video metadata or subtitles during processing.
  - Capability inventory: The skill executes `ffmpeg`, a powerful media processing tool capable of complex operations, including reading local files and making network requests (e.g., via HLS playlists or the concat demuxer) if the input file is malicious.
  - Sanitization: The script only checks for file existence (`[[ ! -f "$in" ]]`) and does not validate the integrity or content of the video file before processing.
Audit Metadata