ffmpeg-install
Warn
Audited by Snyk on Apr 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 1.00). The skill contains installation commands that fetch and execute remote scripts at runtime—e.g. /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)", iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1')), and Invoke-RestMethod -Uri https://get.scoop.sh | Invoke-Expression—which directly execute remote code and therefore present a high runtime execution risk.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). Flagged because the skill instructs running privileged installation commands (sudo apt/yum/pacman, running installers as Administrator) and explicitly tells the user to bypass PowerShell execution policy / run remote install scripts, which request privilege escalation and alter system state.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata