media-processing
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The scripts `scripts/batch-remove-background.sh` and `scripts/remove-background.sh` contain logic to automatically execute `npm install -g rmbg-cli` if the required binary is missing. This installs unverified third-party code globally on the host system without an explicit user prompt or confirmation during script execution.
- COMMAND_EXECUTION (LOW): The skill utilizes subprocess calls to execute powerful media tools including FFmpeg and ImageMagick. While the Python implementation in `scripts/media_convert.py` uses the safer list-argument method for `subprocess.run`, the skill provides a broad surface for processing potentially malicious media files using system binaries.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through processed media content or metadata.
  - Ingestion points: Media files and directory paths processed by shell and Python scripts.
  - Boundary markers: None present to delimit untrusted data.
  - Capability inventory: Subprocess execution and global package installation capabilities.
  - Sanitization: No validation or sanitization of input filenames or media metadata is performed before processing.
- DATA_EXFILTRATION (SAFE): No hardcoded credentials, sensitive file access (e.g., SSH keys), or unauthorized network exfiltration patterns were detected.
Recommendations
- AI detected serious security threats
Audit Metadata