video-frames
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DYNAMIC_EXECUTION]: The script `scripts/frame.sh` executes the `ffmpeg` binary using subprocess calls, which involves assembling command strings from input arguments.
- [REMOTE_CODE_EXECUTION]: The skill documentation includes installation instructions for `ffmpeg` via Homebrew. As Homebrew is a well-known and trusted package manager, this external dependency is considered safe.
- [INDIRECT_PROMPT_INJECTION]: The `scripts/frame.sh` script accepts `--index` and `--time` arguments which are interpolated into `ffmpeg` command strings. This represents a potential attack surface if inputs are not properly validated by the agent.
  - Ingestion points: Command-line arguments (`--index`, `--time`) in `scripts/frame.sh`.
  - Boundary markers: None.
  - Capability inventory: Subprocess execution of `ffmpeg` with complex filtergraphs.
  - Sanitization: None.
Audit Metadata