media-processing
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- Privilege Escalation (MEDIUM): The installation instructions for Ubuntu/Debian include
sudo apt-get install, which requires elevated administrative privileges to execute. - External Downloads (MEDIUM): The skill instructions include
npm install -g rmbg-cli. This package is a third-party dependency hosted on a public registry and is not from a predefined trusted organization. - Indirect Prompt Injection (LOW): The skill processes user-supplied media files using CLI tools, creating a surface for potential command injection via crafted filenames.
- Ingestion points: Commands accept file paths such as
input.mkv,input.png, andinput.jpgas arguments. - Boundary markers: None. The commands directly interpolate file names into shell execution strings.
- Capability inventory: The skill executes
ffmpeg,magick,mogrify, andrmbgas subprocesses. - Sanitization: There is no evidence of filename sanitization or validation before passing arguments to the shell.
Audit Metadata