ffmpeg-graceful-degradation
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
moviepypackage viapip install moviepyas a fallback mechanism. MoviePy is a widely recognized library for video editing tasks and is treated as a well-known source. - [COMMAND_EXECUTION]: The skill's core functionality relies on executing
ffmpegcommands throughsubprocess.run. This includes probing for encoders, testing clips, and performing the actual video encoding or copying operations based on specific fallback logic. - [PROMPT_INJECTION]: The provided Python implementation of
safe_video_encodeis susceptible to indirect prompt injection (Category 8) because it accepts file paths that could originate from untrusted sources and uses them in system calls without prior validation. - Ingestion points:
input_path,output_path, and theclipslist withinSKILL.md. - Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands in the input data.
- Capability inventory: The skill utilizes
subprocess.runto execute CLI tools with user-controllable arguments. - Sanitization: There is no evidence of input validation, escaping, or path sanitization for the provided arguments.
Audit Metadata