video-assembly
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing `ffmpeg` commands and uses shell redirection (`>`) to create temporary file lists for concatenation. This provides a surface for command injection if input filenames are not sanitized.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface:
  - Ingestion points: Processes external files such as `video.mp4`, `audio.wav`, and subtitle files (`subs.srt`, `subs.ass`) as inputs to commands.
  - Boundary markers: No delimiters are specified to isolate the content of these external files from the agent's instructions.
  - Capability inventory: Includes the ability to execute complex `ffmpeg` filters and write files to the local system.
  - Sanitization: There is no evidence of path sanitization or content validation for the processed assets.
Audit Metadata