ffmpeg-graceful-degradation

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing the moviepy package via pip install moviepy as a fallback mechanism. MoviePy is a widely recognized library for video editing tasks and is treated as a well-known source.
  • [COMMAND_EXECUTION]: The skill's core functionality relies on executing ffmpeg commands through subprocess.run. This includes probing for encoders, testing clips, and performing the actual video encoding or copying operations based on specific fallback logic.
  • [PROMPT_INJECTION]: The provided Python implementation of safe_video_encode is susceptible to indirect prompt injection (Category 8) because it accepts file paths that could originate from untrusted sources and uses them in system calls without prior validation.
  • Ingestion points: input_path, output_path, and the clips list within SKILL.md.
  • Boundary markers: The skill does not implement boundary markers or instructions to ignore embedded commands in the input data.
  • Capability inventory: The skill utilizes subprocess.run to execute CLI tools with user-controllable arguments.
  • Sanitization: There is no evidence of input validation, escaping, or path sanitization for the provided arguments.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:40 AM
Security Audit — agent-trust-hub — ffmpeg-graceful-degradation