extract-audio
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using
ffmpegandffprobethat incorporate variables$INPUTand$OUTPUT. While these variables are double-quoted, the skill remains susceptible to command injection if the agent environment does not strictly sanitize the provided file paths. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and processing untrusted data from media files.
- Ingestion points: Media filenames ($INPUT) and stream metadata (codec_name, bit_rate) retrieved via
ffprobe(SKILL.md). - Boundary markers: Absent. There are no explicit instructions to the model to ignore potential instructions embedded in the metadata.
- Capability inventory: The skill has the capability to execute subprocesses through
Bash(ffprobe:*),Bash(ffmpeg:*), andpython3 -c(SKILL.md). - Sanitization: Basic shell quoting is applied to variables, but no validation or sanitization of the metadata values is performed before they are printed or processed by the Python snippet.
Audit Metadata