ffmpeg-master
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides templates for shell commands (e.g., `ffmpeg -i input.mp4`). If an AI agent populates these placeholders with untrusted user input without strict shell escaping, it enables arbitrary command execution (e.g., providing a filename like `; rm -rf / ;`).
- [DATA_EXFILTRATION] (MEDIUM): The skill explicitly includes the `-safe 0` flag in the concatenation example (`ffmpeg -f concat -safe 0 -i filelist.txt`). This flag disables security boundaries in the FFmpeg concat demuxer, allowing the tool to read any file on the filesystem that the user has access to. If an attacker can influence the content of the `filelist.txt`, they can exfiltrate sensitive local data by encoding it into the output video stream.
- [REMOTE_CODE_EXECUTION] (HIGH): Because the skill's purpose is to generate executable shell strings from external inputs (Category 8 surface), the lack of sanitization logic or boundary markers constitutes a high-risk RCE vector through Indirect Prompt Injection.
  - Ingestion points: File paths, codec names, and filter parameters derived from user requests or external file lists (SKILL.md).
  - Boundary markers: Absent. The skill provides raw shell templates without delimiters or escaping instructions.
  - Capability inventory: Execution of `ffmpeg` and `ffprobe` via the system shell (SKILL.md).
  - Sanitization: Absent. No guidance is provided to the agent on how to validate or escape inputs before command construction.
Recommendations
- AI detected serious security threats