media-processing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill processes external multimedia files and includes tools (ffprobe, identify) that extract metadata. This metadata can be manipulated by attackers to include malicious instructions that may influence the agent's behavior when it parses the tool's output.
  - Ingestion points: Multimedia files processed via the `media_convert.py` script or directly through documented commands like `ffprobe` and `identify` (referenced in `SKILL.md` and `references/ffmpeg-streaming.md`).
  - Boundary markers: No boundary markers or 'ignore' instructions are used when passing metadata output to the agent.
  - Capability inventory: The skill includes extensive capabilities for file system read/write operations and execution of powerful media binaries (`ffmpeg`, `magick`).
  - Sanitization: No sanitization or filtering of metadata content is performed before outputting results.
- [Prompt Injection] (SAFE): No direct instructions to bypass safety filters, extract system prompts, or override agent constraints were found in the skill documentation or scripts.
- [Data Exposure & Exfiltration] (SAFE): Analysis of the Python wrapper and reference guides confirmed no hardcoded credentials, unauthorized network requests, or access to sensitive local paths (e.g., SSH or cloud credentials).
- [Unverifiable Dependencies] (SAFE): The skill depends on standard, well-known system packages. Python requirements are limited to standard testing libraries (`pytest`).
- [Privilege Escalation] (LOW): The documentation in `SKILL.md` provides instructions to weaken the system's security posture by disabling the ImageMagick `policy.xml` security policy for PDF processing, which is a known vector for exploitation (e.g., through Ghostscript). While documented for functionality, it represents a best-practice violation.
Audit Metadata