media-composition
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the composition manifest file.
  - Ingestion points: The skill parses `manifest.yaml` to extract component paths and layout parameters in Step 1 and Step 2.
  - Boundary markers: No boundary markers or 'ignore' instructions are used when interpolating manifest data into shell commands.
  - Capability inventory: The skill executes Bash commands, `yq`, and `ffmpeg` subprocesses.
  - Sanitization: The values extracted from the manifest (such as `components[].output`) are used directly in shell loops and `ffmpeg` arguments without validation or escaping.
- [COMMAND_EXECUTION]: The skill dynamically generates complex `ffmpeg` filter strings and command arguments based on the `layout` and `options` fields in the manifest. While these are intended operations, the lack of input validation on the manifest content could allow an attacker to craft a manifest that executes unintended `ffmpeg` features or influences the host file system.
Audit Metadata