audio-video
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for installing FFmpeg using 'sudo apt install' and uses 'subprocess.run' in multiple Python examples to execute external binaries like 'ffmpeg' and 'ffprobe'. These are standard operations for the described use case of media processing.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface within its Python integration examples (Section 6 and 8). An attacker could potentially influence the behavior of an agent using these snippets by providing malicious filenames containing shell metacharacters.
- Ingestion points: File paths ('input_path', 'output_path', 'video_path') and dictionary-based 'options' passed to Python functions.
- Boundary markers: None present in the code snippets to isolate untrusted input strings from the command structure.
- Capability inventory: Extensive use of 'subprocess.run' for binary execution and 'os.makedirs' for directory creation across several scripts.
- Sanitization: The provided code snippets demonstrate raw string interpolation or list construction without explicit input validation or shell escaping for the variables.
Audit Metadata