ai-multimodal
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The script scripts/media_optimizer.py uses the eval() function to parse the r_frame_rate field from ffprobe output. This is a dynamic execution risk because it evaluates a string derived from the metadata of a user-provided media file, so the input to eval() is attacker-controlled rather than a fixed expression.
- [COMMAND_EXECUTION]: The skill executes external system commands using the subprocess module in scripts/media_optimizer.py to call ffmpeg and ffprobe. While arguments are handled as lists, the execution of complex external binaries on untrusted media files increases the attack surface.
- [COMMAND_EXECUTION]: SKILL.md includes instructions to use a gemini CLI command if available, which involves executing shell commands with piped input.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core functionality.
  - Ingestion points: Untrusted media files (images, audio, video, PDFs) are uploaded to the Gemini API in scripts/gemini_batch_process.py and scripts/document_converter.py.
  - Boundary markers: Absent. The skill does not use delimiters or specific instructions to isolate content extracted from these files from the agent's instructions.
  - Capability inventory: The agent has capabilities to write files, perform network requests to Google APIs, and execute system commands via ffmpeg.
  - Sanitization: Content is passed to the LLM without sanitization or filtering.
- [DATA_EXFILTRATION]: scripts/check_setup.py prints a partial preview of the GEMINI_API_KEY to the terminal for debugging purposes, which exposes fragments of a sensitive credential in logs or terminal history.
Audit Metadata