video-trim
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill constructs shell commands using variables like $INPUT_FILE and START/END times in Step 3 and Step 4. If these are not strictly sanitized by the agent framework, a malicious user could execute arbitrary system commands via shell metacharacters.
- [INDIRECT_PROMPT_INJECTION] (HIGH): Vulnerability surface detected. 1. Ingestion points: Step 1 (ffprobe reads file metadata) and user-provided file paths. 2. Boundary markers: Absent. 3. Capability inventory: Shell execution via ffmpeg and ffprobe. 4. Sanitization: Minimal; the skill relies on double-quoting variables in templates which is insufficient to prevent all forms of shell injection.
Recommendations
- AI detected serious security threats
Audit Metadata