FFmpeg Video Editor

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The instructions in SKILL.md contain hidden zero-width space characters (U+200B) used to obfuscate code block delimiters in the response format section.
  • [COMMAND_EXECUTION]: The skill provides a command template for concatenation (ffmpeg -f concat -safe 0) that uses the -safe 0 flag, which bypasses security restrictions and allows FFmpeg to read files from absolute or out-of-bounds paths.
  • [PROMPT_INJECTION]: There is a discrepancy between the author 'aaaaqwq' and the owner metadata 'mahmoudadelbghany' in _meta.json, which constitutes deceptive metadata.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
      1. Ingestion points: Natural language user requests described in SKILL.md.
      2. Boundary markers: Absent.
      3. Capability inventory: Generation of FFmpeg shell commands.
      4. Sanitization: Absent.
    This surface allows untrusted input to influence generated command parameters.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: May 20, 2026, 08:56 AM