video-frames
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The script `scripts/frame.sh` executes `ffmpeg` and `mkdir` using arguments provided by the AI agent. While the script uses double-quoting for shell variables to prevent word splitting and basic command injection, it does not validate that the provided paths are within safe directories, potentially allowing path traversal or arbitrary file overwrites.
- [PROMPT_INJECTION] (LOW): This skill presents an attack surface for indirect prompt injection through its handling of untrusted input.
  - Ingestion points: Command-line arguments for input file path, output path, timestamp, and frame index in `scripts/frame.sh`.
  - Boundary markers: None are specified in the skill instructions or script.
  - Capability inventory: Executes `ffmpeg` (capable of file system access and potentially network access via specific protocols) and `mkdir`.
  - Sanitization: The script employs shell quoting for variable expansion but lacks logic to sanitize or validate the content of the paths or numeric parameters.
Audit Metadata