ffmpeg-analyse-video

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt explicitly instructs sub-agents and the main agent to "quote exactly" any text/prompts/commands the user typed (extracted from frames), which would force the model to reproduce verbatim any secrets (API keys, passwords, tokens) visible in the video frames and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly spawns sub-agents that "Read each frame image listed below using the Read tool" (the extracted frame JPEGs in TMPDIR) and then the main agent ingests the produced batch_N_analysis.md text, so arbitrary user-supplied / third-party video frames (user-generated content) can be read and quoted back into the agent workflow, enabling indirect prompt injection.