stitch-videos-ffmpeg
Pass
Audited by Gen Agent Trust Hub on Jul 2, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing external binaries, specifically
ffmpegandffprobe, to perform its core functions. These commands are executed via subprocess calls with list-based arguments, which is a secure implementation practice. - Evidence: Multiple
subprocess.runcalls inscripts/composite.py,scripts/voiceless/composite.py, andscripts/composite_final.py. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes
edit_plan.jsonfiles without validation or sanitization of the input parameters. - Ingestion points: The skill reads configuration data from
edit_plan.jsonfiles (found inscripts/composite.pyandscripts/voiceless/composite.py). - Boundary markers: Absent. No delimiting or validation logic is present to prevent the agent from acting on malicious instructions embedded within the JSON structure.
- Capability inventory: The skill can read any file accessible to the agent process and execute complex video manipulation logic through FFmpeg.
- Sanitization: Absent. Values from the JSON input, such as file paths (
video,audio,music) and filter parameters (trim,x,y,start_s, etc.), are used directly in command construction. This creates a surface for path traversal or logic manipulation if the input source is compromised.
Audit Metadata