video-processing
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing system-level commands through FFmpeg and faster-whisper. The use of user-provided URLs and file paths as arguments in commands like
video downloadandvideo transcribeintroduces a potential risk of command injection if the underlying implementation lacks robust sanitization.- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection (Category 8). - Ingestion points: Processing remote video metadata and transcribing audio content from external URLs (YouTube, Facebook) and local files.
- Boundary markers: The documentation does not specify the use of delimiters or specific instructions to ignore embedded commands in processed content.
- Capability inventory: Subprocess execution for media processing (FFmpeg), local transcription (faster-whisper), and file system access for reading/writing media files.
- Sanitization: No evidence of input validation or output escaping for generated transcripts or extracted metadata that are subsequently processed by the agent.
Audit Metadata