ffmpeg-modal-containers
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses
subprocess.runto call FFmpeg for video processing and FFprobe for metadata extraction. These operations are core to the skill's stated purpose. - [EXTERNAL_DOWNLOADS]: The skill configures container images that install software from trusted sources, including Debian's
aptrepositories (FFmpeg), NVIDIA's registry (CUDA), and the Python Package Index (Torch, Transformers, Accelerate, etc.). - [DATA_EXFILTRATION]: One production pattern in
references/production-audio-troubleshooting.mdincludes functionality to send job status metadata to an external URL via an HTTP POST request usingcurl. While intended for job monitoring, this network operation targets user-defined external endpoints. - [PROMPT_INJECTION]: The skill processes external media files (video/audio) which serves as an ingestion point for potential indirect prompt injection attacks against the underlying processing tools.
- Ingestion points:
transcode_videoinSKILL.mdandtranscribe_videoinreferences/production-audio-troubleshooting.mdingest raw bytes from external sources. - Boundary markers: No explicit delimiters or boundary markers are used to isolate untrusted media data.
- Capability inventory: The skill possesses subprocess execution (FFmpeg, FFprobe, Curl) and persistent file system access (Modal Volumes).
- Sanitization: The skill uses list-based arguments for
subprocess.runwhich prevents shell injection, but it does not sanitize or validate the internal contents of processed media files.
Audit Metadata