media-processor
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill leverages powerful CLI tools (
ffmpeg,magick,bun) to process files. This presents a risk of command injection if the underlying logic fails to properly sanitize user-provided file paths or metadata parsed from media files. - PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection via the media it processes. Ingestion points: Untrusted filenames, directory paths, and internal media metadata. Boundary markers: None defined in the skill documentation to isolate untrusted data. Capability inventory: Execution of arbitrary subcommands for
ffmpegandmagickalong with file system read access. Sanitization: Not verifiable from the skill documentation; the security depends entirely on the implementation of the externalmediascript.
Audit Metadata