media-processing
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- Privilege Escalation (HIGH): The installation instructions for Ubuntu/Debian explicitly recommend the use of 'sudo apt-get install', which grants the agent elevated system permissions during setup.
- Indirect Prompt Injection (HIGH): The skill is designed to process external multimedia files, which makes it a major ingestion point for untrusted data.
  - Ingestion points: User-provided media files (e.g., .mkv, .png) processed via CLI tools.
  - Boundary markers: Absent; there are no instructions to the agent to sanitize or ignore malicious metadata or embedded scripts.
  - Capability inventory: The skill executes powerful system binaries ('ffmpeg', 'magick', 'rmbg') that can read and write files and, in the case of FFmpeg, perform network operations (e.g., via HLS playlists).
  - Sanitization: Absent; untrusted inputs are passed directly to shell commands. Maliciously crafted files can exploit known vulnerabilities like ImageTragick or FFmpeg's handling of external resources to achieve remote code execution.
- Unverifiable Dependencies (MEDIUM): The skill recommends installing 'rmbg-cli' from npm, which is an untrusted third-party package not listed in the trusted source scope.
Recommendations
- AI detected serious security threats