ffmpeg-docker-containers
Warn
Audited by Snyk on Jun 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime/build commands that fetch and execute remote code (e.g., docker pull/run of jrottenberg/ffmpeg:7.1-ubuntu2404, RUN git clone https://git.videolan.org/git/ffmpeg/nv-codec-headers.git && make install, and wget https://ffmpeg.org/releases/ffmpeg-7.1.tar.bz2) so external content is retrieved and executed as required dependencies.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt includes explicit sudo-based host modifications (adding apt sources, installing nvidia-container-toolkit, running nvidia-ctk, and restarting Docker via systemctl), which require elevated privileges and change system files/services, so it risks compromising the host state.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata