ai-multimodal
Warn
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/media_optimizer.py` script executes `ffmpeg` and `ffprobe` as subprocesses to optimize media files and extract metadata. This allows the skill to perform complex media processing tasks on the host system.
- [REMOTE_CODE_EXECUTION]: The skill utilizes dynamic execution in multiple locations. The `scripts/media_optimizer.py` script uses the `eval()` function to calculate frame rates from `ffprobe` output, which is a discouraged practice that can lead to code execution if input data is manipulated. Additionally, the `scripts/check_setup.py` script uses the `__import__` function for dynamic module loading to verify dependencies.
- [DATA_EXFILTRATION]: The skill's orchestration scripts access sensitive local configuration files, including local `.env` files and shared environment configurations in the `~/.claude/` directory, to retrieve API keys and configuration parameters.
- [PROMPT_INJECTION]: The skill processes untrusted multimedia files (images, audio, video, documents) through the Gemini API. This ingestion of external data creates a surface for indirect prompt injection, where instructions hidden within the media could attempt to manipulate the agent's logic or behavior.
  - Ingestion points: Files processed through `scripts/gemini_batch_process.py` and `scripts/document_converter.py`.
  - Boundary markers: The prompts sent to the Gemini API do not use specific delimiters or instructions to isolate the untrusted file content from the task instructions.
  - Capability inventory: Subprocess execution (FFmpeg), file system write access for generated assets, and network communication with Google Gemini services.
  - Sanitization: The skill does not perform validation or sanitization on the content extracted from files before it is processed by the generative models.
Audit Metadata