Skills
skills/ychoi-kr/claude-ffmpeg-skill/ffmpeg-usage/Gen Agent Trust Hub

ffmpeg-usage

Fail

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The README.md and install.sh files promote a 'Quick Install' method that fetches a script from GitHub and pipes it directly into the shell using curl -sSL https://raw.githubusercontent.com/ychoi-kr/claude-ffmpeg-skill/main/install.sh | bash. This pattern allows for the execution of arbitrary remote code on the user's host machine.
  • [COMMAND_EXECUTION]: The skill is primarily designed to facilitate shell command execution.
  • The validate.py script executes multiple ffmpeg and ffprobe commands via Python's subprocess.run to check the environment.
  • The examples/conversion.sh script is an interactive shell script that prompts for file paths and executes ffmpeg commands based on that input.
  • [EXTERNAL_DOWNLOADS]: The install.sh script performs a git clone from https://github.com/ychoi-kr/claude-ffmpeg-skill.git to install the skill files into the user's home directory (~/.claude/skills).
  • [DATA_EXFILTRATION]: The validate.py script collects system information, including Operating System type, release, architecture, and Python version, and saves this data to a local file named validation_report.json. While intended for troubleshooting, this represents unauthorized collection of host environment metadata.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the way it handles external data.
  • Ingestion points: User-provided filenames, durations, and timestamps are interpolated into shell commands (found in SKILL.md).
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or ignore embedded instructions when processing user-provided paths.
  • Capability inventory: The skill provides instructions for executing complex shell commands with ffmpeg, including the -safe 0 flag for concatenation, which disables safety checks for file paths.
  • Sanitization: Absent. There are no specific instructions for the agent to sanitize shell metacharacters or validate paths against directory traversal before executing the generated commands.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ychoi-kr/claude-ffmpeg-skill/main/install.sh - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 29, 2026, 04:13 PM