video-metadata-inspector
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (MEDIUM): The skill provides functions to extract metadata such as video titles, artist names, and descriptions from external files. These fields are often attacker-controlled in the wild. If the AI agent processes this metadata to make decisions or summarize content, it is vulnerable to indirect instructions embedded within the video tags.
- [Command Execution] (LOW): The skill utilizes moviepy and ffmpeg-python as dependencies. These libraries interact with the system binary ffmpeg via subprocess calls. While standard for video processing, this creates a potential command injection surface if the implementation fails to properly sanitize file paths or arguments passed to the underlying shell.