audio-extract
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill constructs shell commands by interpolating user-controlled variables directly into command strings.
  - Evidence: In SKILL.md (Step 1 and Step 4), user inputs like `$INPUT_FILE` and the output path are placed directly into `ffmpeg` and `ffprobe` commands (e.g., `ffmpeg -i "INPUT" ...`).
  - Risk: If a user provides a filename containing shell metacharacters (e.g., `video; rm -rf / #.mp4`), the agent may execute the injected command alongside the intended processing.
- [Indirect Prompt Injection] (HIGH): The skill processes external file metadata and user-provided paths while possessing the capability to execute system binaries.
  - Ingestion points: File paths provided by the user in Step 1 and custom output paths/parameters gathered via `AskUserQuestion` in Step 2.
  - Boundary markers: Absent. There are no instructions to the agent to treat filenames as literal data or to use delimiters to prevent command interpretation.
  - Capability inventory: Execution of `ffmpeg` and `ffprobe` via shell (Step 1, 4, and 5).
  - Sanitization: Absent. The instructions rely on simple double-quotes in command templates, which is insufficient to prevent all forms of shell injection.
- [PROMPT_INJECTION] (LOW): While the primary threat is command injection, the interaction model depends on user input to define parameters which could be manipulated to cause unintended agent behavior, though this is secondary to the system-level risk.
Recommendations
- AI detected serious security threats
Audit Metadata