media-processing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill leverages external binaries (ffmpeg, ffprobe, magick, mogrify) for media processing. The provided Python wrapper script, scripts/media_convert.py, follows security best practices by using subprocess.run with argument lists instead of shell strings, preventing command injection vulnerabilities.
- EXTERNAL_DOWNLOADS (SAFE): Installation instructions point to trusted system package managers (Homebrew, apt, winget) and official project websites for FFmpeg and ImageMagick. No unverified third-party binaries or scripts are downloaded or executed.
- DATA_EXFILTRATION (SAFE): The skill operates entirely on local media files and does not perform any network operations or access sensitive configuration directories.
- PROMPT_INJECTION (SAFE): No instructions designed to override agent behavior or bypass safety guardrails were identified in the markdown or script files.
Audit Metadata