ffmpeg-cli

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [Privilege Escalation] (MEDIUM): The SKILL.md file recommends using sudo apt install ffmpeg for installation on Linux systems. Although this is a standard procedure for package management, the use of sudo grants elevated root privileges. Providing privileged commands within a skill increases the risk of unauthorized system modifications if the agent executes them in an environment without strict oversight.
  • [Indirect Prompt Injection] (LOW): The skill identifies ingestion points for external data in references/advanced-editing.md through the drawtext and subtitles filters, which read from files like text.txt and subs.srt. This represents a surface where an attacker could provide a malicious file containing instructions meant to influence the agent's behavior.
      • Ingestion points: references/advanced-editing.md (via textfile and subtitles parameters).
      • Boundary markers: Absent; the skill does not instruct the agent to ignore instructions embedded in these processed files.
      • Capability inventory: The skill permits use of the Bash tool, allowing the execution of FFmpeg and other shell commands.
      • Sanitization: Absent; the documentation does not suggest validating or sanitizing the content of the input text or subtitle files before processing.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:48 PM