video-frames
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/frame.shexecutes theffmpegbinary to process video files. While this is the primary purpose of the skill, the execution depends on parameters provided at runtime. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes external data (video files and metadata) without strictly validating parameters like
--timeor--index. - Ingestion points: Arguments passed to
scripts/frame.shvia the agent. - Boundary markers: Absent; there are no delimiters or instructions to ignore embedded content in input strings.
- Capability inventory: Subprocess execution of
ffmpeg, directory creation (mkdir), and file writing inscripts/frame.sh. - Sanitization: Absent; the script only verifies the existence of the input file but does not validate the format or safety of the timestamp, index, or output path strings before interpolation into the
ffmpegcommand.
Audit Metadata