ffmpeg-analyse-video
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is vulnerable to shell command injection via user-provided file paths. \n
- Evidence: In SKILL.md sections 3 and 4, the instructions direct the agent to execute
ffprobeandffmpegusing unvalidated variables likeVIDEO_PATHandINPUT(e.g.,ffprobe -v quiet ... "VIDEO_PATH"). \n - Risk: A malicious user could provide a filename containing shell metacharacters (e.g.,
; rm -rf / ;) which could lead to arbitrary code execution on the host system. \n- [PROMPT_INJECTION] (HIGH): The skill has a significant indirect prompt injection surface due to its core functionality. \n - Ingestion points: Video file frames in SKILL.md Step 4 and 5. \n
- Boundary markers: None present to distinguish video content from system instructions. \n
- Capability inventory: Subprocess execution via ffmpeg/ffprobe, file system writes/reads. \n
- Sanitization: None. \n
- Risk: The sub-agent prompt explicitly asks the AI to extract
prompts/commands the user typedfrom the video. An attacker could embed visual instructions in a video (e.g., on a slide) that the agent then transcribes and obeys during the final synthesis phase (Step 6), potentially leading to unauthorized actions. \n- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill uses an external installer from an unverified source. \n - Evidence: README.md recommends
npx skills add fabriqaai/ffmpeg-analyse-video-skill. \n - Risk: The author
fabriqaaiis not in the trusted sources list, posing a risk of supply chain attack or execution of malicious skill code during installation.
Recommendations
- AI detected serious security threats
Audit Metadata