video-merge-send

Warn

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | REMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/merge_videos.py uses the eval() function on data derived from an external source.
    • Evidence: In get_video_info, the code executes eval(s.get('r_frame_rate', '30/1')). The variable s contains metadata extracted from a video file via ffprobe. An attacker could potentially craft a video file with a malicious Python expression in the frame rate metadata to achieve arbitrary code execution.
  • [COMMAND_EXECUTION]: The skill executes system commands to process video files.
    • Evidence: The script scripts/merge_videos.py makes multiple calls to subprocess.run to execute ffmpeg and ffprobe. While it uses the list-based argument passing method (which is safer than shell=True), it still provides a mechanism for the agent to interact with powerful system binaries.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 19, 2026, 06:02 PM