
media-hub

Fail

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: HIGH
Finding categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: In media_hub.py, the _get_media_info_ffprobe method calls eval() on the r_frame_rate metadata field that ffprobe extracts from media files. A maliciously crafted media file whose frame-rate string contains Python code would therefore execute that code when the skill attempts to read the file's information.
  • [REMOTE_CODE_EXECUTION]: The transcribe and process_video methods in media_hub.py and video_understanding.py pass a user-controllable model_size argument directly to whisper.load_model(). Because the Whisper library loads checkpoints with torch.load, which relies on the unsafe pickle module, an attacker who supplies a file path to a malicious model instead of a standard model name (e.g., 'base') could achieve remote code execution.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It downloads audio and video content from arbitrary URLs or Feishu messages, transcribes the content into text, and provides that text to the agent for analysis or summarization without any sanitization or boundary markers. Malicious instructions spoken in an audio file could be interpreted as system instructions by the agent.
    – Ingestion points: download_from_url and download_from_feishu in video_understanding.py.
    – Boundary markers: none used; transcripts are processed as raw strings.
    – Capability inventory: full access to subprocess.run (FFmpeg/FFprobe), file system operations, and network requests via requests.
    – Sanitization: no validation or filtering is applied to the transcribed text output.
  • [COMMAND_EXECUTION]: The skill interacts extensively with the operating system by invoking ffmpeg and ffprobe via subprocess.run. Although it avoids shell=True, the paths and files it passes to those binaries are derived from external sources, so these calls remain an attack surface.
  • [EXTERNAL_DOWNLOADS]: The skill downloads media from any user-provided URL and integrates with Feishu (a well-known service) to fetch message resources. These external downloads are the primary entry point for the untrusted data that reaches the RCE and injection vulnerabilities identified above.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 8, 2026, 02:24 AM