fix-neat-video
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a bash script located at
scripts/fix_video.sh. This script invokesffmpegwith multiple flags to reconstruct timestamps and ignore errors in media streams. - [COMMAND_EXECUTION]: The script uses the
rmcommand to delete the original source file (.mp4.ts) upon successful completion of the video fix. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through maliciously crafted filenames. While the shell script uses quotes (
"$INPUT") to mitigate basic word splitting, it processes untrusted user-provided paths. - Ingestion points: The filename argument passed to
scripts/fix_video.shvia the agent. - Boundary markers: None present in the prompt or script to delimit user input from instructions.
- Capability inventory: File system deletion (
rm) and subprocess execution (ffmpeg) inscripts/fix_video.sh. - Sanitization: The script performs a basic check for the
.mp4.tsextension and file existence but does not sanitize the filename for shell metacharacters beyond standard quoting.
Audit Metadata