ffmpeg-cli
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- Privilege Escalation (MEDIUM): The SKILL.md file provides commands for installing FFmpeg on Ubuntu/Debian using 'sudo apt install ffmpeg'. While standard for installation, providing 'sudo' commands to an agent with Bash tool access allows for unauthorized privilege escalation. The severity is downgraded to MEDIUM as the instruction is tied to the primary setup of the tool.
- Indirect Prompt Injection (LOW): The skill demonstrates the use of filters that read from external files, specifically 'drawtext=textfile=text.txt' in references/advanced-editing.md and 'subtitles=subs.srt' in the same file. These files serve as untrusted inputs that can influence agent behavior if processed by an LLM in a pipeline.
  - Ingestion points: Content is ingested from 'text.txt' and 'subs.srt'.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the provided examples.
  - Capability inventory: The skill is allowed 'Bash', 'Write', and 'Edit' tools, providing a wide surface for system interaction.
  - Sanitization: No sanitization or validation of the content of external files is described.