ai-multimodal
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/media_optimizer.py` script utilizes `subprocess.run` to call `ffmpeg` and `ffprobe` for media file analysis and optimization. These calls are implemented using list-based arguments without `shell=True`, which is a secure practice to prevent shell injection.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external files (PDFs, images, audio, video) that are subsequently passed to the Gemini API for analysis or generation.
  - Ingestion points: Files are ingested through CLI arguments in `scripts/gemini_batch_process.py`, `scripts/document_converter.py`, and `scripts/media_optimizer.py`.
  - Boundary markers: The scripts use instructional prompts (e.g., in `document_converter.py`) to request specific output formats like clean Markdown, which provides a weak boundary against malicious content embedded in the processed files.
  - Capability inventory: The skill has the capability to write files to the local disk and execute subprocesses (ffmpeg).
  - Sanitization: There is no explicit sanitization or filtering of the content within the media or document files before they are sent to the AI model.
- [DYNAMIC_EXECUTION]: The skill uses `sys.path.insert` to dynamically load utility modules (`resolve_env.py`, `api_key_rotator.py`) from standard locations associated with the author's environment. While this involves dynamic path modification, it aligns with the vendor's established development patterns for resource sharing across skills.
- [SAFE]: The skill relies on official libraries (e.g., `google-genai`) and standard industry tools (e.g., `ffmpeg`, `Pillow`). No malicious obfuscation, persistence mechanisms, or credential exfiltration patterns were detected.
Audit Metadata