FFmpeg Video Editor
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to generate functional bash commands for video processing. While the agent does not execute them directly, the output is specifically formatted for shell execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) through user-supplied filenames and parameters.
- Ingestion points: User requests containing filenames, timestamps, and processing options (SKILL.md).
- Boundary markers: No explicit delimiters or instructions to ignore instructions embedded in filenames are provided.
- Capability inventory: Generation of FFmpeg commands with potential read/write access to the local file system.
- Sanitization: The skill does not define any sanitization or escaping rules for the interpolated user input, relying only on double quotes in examples.
Audit Metadata