media-processing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The shell scripts 'scripts/batch-remove-background.sh' and 'scripts/remove-background.sh' include logic to automatically install the 'rmbg-cli' package globally via 'npm install -g' if the command is missing. This runtime installation of external software from unverified sources bypasses security controls and introduces potential for supply chain attacks.
- [COMMAND_EXECUTION] (MEDIUM): The skill makes extensive use of 'subprocess.run' in Python and shell execution in bash to run 'ffmpeg', 'magick', and 'rmbg'. While arguments are generally quoted, the complexity of the command-line interfaces for these tools increases the risk of command injection via malicious file metadata or crafted filenames.
- [METADATA_POISONING] (MEDIUM): The 'scripts/README.md' claims the existence of 'batch_resize.py' and 'video_optimize.py', but these files are missing from the skill package, representing deceptive metadata that could lead to misjudgment of skill capabilities.
- [INDIRECT_PROMPT_INJECTION] (HIGH): The skill is highly vulnerable to indirect prompt injection due to its processing of external media.
  * Ingestion points: Untrusted media files (images, video, audio) are ingested and processed by 'media_convert.py' and 'batch-remove-background.sh'.
  * Boundary markers: None identified; the skill interpolates untrusted data directly into command-line arguments.
  * Capability inventory: Significant capabilities including file system write access and execution of powerful media processing binaries.
  * Sanitization: There is no evidence of sanitization or validation of the contents or properties of the media files being processed.
Recommendations
- AI detected serious security threats