stitch-videos-ffmpeg

Pass

Audited by Gen Agent Trust Hub on Jul 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing external binaries, specifically ffmpeg and ffprobe, to perform its core functions. These commands are executed via subprocess calls with list-based arguments, which is a secure implementation practice.
  • Evidence: Multiple subprocess.run calls in scripts/composite.py, scripts/voiceless/composite.py, and scripts/composite_final.py.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes edit_plan.json files without validation or sanitization of the input parameters.
  • Ingestion points: The skill reads configuration data from edit_plan.json files (found in scripts/composite.py and scripts/voiceless/composite.py).
  • Boundary markers: Absent. No delimiting or validation logic is present to prevent the agent from acting on malicious instructions embedded within the JSON structure.
  • Capability inventory: The skill can read any file accessible to the agent process and execute complex video manipulation logic through FFmpeg.
  • Sanitization: Absent. Values from the JSON input, such as file paths (video, audio, music) and filter parameters (trim, x, y, start_s, etc.), are used directly in command construction. This creates a surface for path traversal or logic manipulation if the input source is compromised.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 2, 2026, 06:17 AM
Security Audit — agent-trust-hub — stitch-videos-ffmpeg