media-processing
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The Python script
scripts/media_convert.pyexecutes system binaries (ffmpegandmagick) using thesubprocess.run()method with a sequence of arguments. This approach effectively prevents shell injection vulnerabilities by bypassing the shell interpreter. - EXTERNAL_DOWNLOADS (SAFE): The project identifies necessary system dependencies like FFmpeg and ImageMagick but does not attempt to download or install them automatically. Python dependencies are limited to standard testing frameworks (
pytest). - DATA_EXFILTRATION (SAFE): Although the documentation includes guides for network streaming (UDP/RTMP), the provided code does not contain any logic for unauthorized data transmission or access to sensitive local files.
- INDIRECT PROMPT INJECTION (SAFE): The skill processes user-supplied media files. While this is an ingestion surface, the implementation uses structured command building and avoids raw shell interpolation, significantly reducing the risk of malicious file names influencing system behavior.
Audit Metadata