video-processing
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Unverifiable Dependencies (MEDIUM): The skill references a primary execution script
scripts/main.pywhich is not included in the provided files. This prevents verification of the script's logic, specifically regarding how it handles shell commands and user input. - Indirect Prompt Injection (HIGH): The skill is designed to process untrusted external media files (video and audio). Libraries like
moviepyandffmpegare susceptible to vulnerabilities when parsing maliciously crafted media files. 1. Ingestion: Media files via command line arguments. 2. Boundaries: None identified in instructions. 3. Capabilities: Local file system read/write and subprocess execution. 4. Sanitization: Unverifiable due to missing script. - Metadata Poisoning (MEDIUM): There is a direct contradiction in the documentation. The 'Skill Boundaries' section states the skill cannot 'Access or edit audio files directly,' while the 'Commands' section provides specific instructions for editing and processing those exact file types. This misleading metadata complicates the security assessment of the skill's actual permissions.
- Privilege Escalation (LOW): The documentation suggests the use of
sudo apt install ffmpeg, which involves acquiring root privileges to install system dependencies.
Audit Metadata