media-understand
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- Data Exfiltration (HIGH): The script facilitates the upload of arbitrary local files to a third-party cloud service without path validation.
  - Evidence: In media-understand.js, the MEDIA_PATH variable is initialized directly from user-controlled command-line arguments (opts.media).
  - Evidence: The resolveMediaForModel function takes this path and passes it to falUploadFile(mediaPath), which reads and uploads the file to an external endpoint.
  - Risk: A malicious actor could provide paths to sensitive files such as ~/.aws/credentials, /etc/passwd, or .env files. These files would be uploaded to the FAL storage proxy and potentially disclosed to the user through the model's analysis or the returned upload URL.
- Indirect Prompt Injection (LOW): The skill processes untrusted media content that may contain hidden instructions for the LLM.
  - Ingestion points: File media-understand.js via the --media argument (images, videos, audio).
  - Boundary markers: Absent. The user prompt and the media reference are sent to the model without explicit delimiters or instructions to ignore embedded content.
  - Capability inventory: File system read access (fs), network file uploads (falUploadFile), and model completions via API (falRun).
  - Sanitization: No sanitization or verification of the media content's safety or source is performed.
Recommendations
- AI detected serious security threats
Audit Metadata