ffmpeg-modal-containers

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to call FFmpeg for video processing and FFprobe for metadata extraction. These operations are core to the skill's stated purpose.
  • [EXTERNAL_DOWNLOADS]: The skill configures container images that install software from trusted sources, including Debian's apt repositories (FFmpeg), NVIDIA's registry (CUDA), and the Python Package Index (Torch, Transformers, Accelerate, etc.).
  • [DATA_EXFILTRATION]: One production pattern in references/production-audio-troubleshooting.md includes functionality to send job status metadata to an external URL via an HTTP POST request using curl. While intended for job monitoring, this network operation targets user-defined external endpoints.
  • [PROMPT_INJECTION]: The skill processes external media files (video/audio) which serves as an ingestion point for potential indirect prompt injection attacks against the underlying processing tools.
  • Ingestion points: transcode_video in SKILL.md and transcribe_video in references/production-audio-troubleshooting.md ingest raw bytes from external sources.
  • Boundary markers: No explicit delimiters or boundary markers are used to isolate untrusted media data.
  • Capability inventory: The skill possesses subprocess execution (FFmpeg, FFprobe, Curl) and persistent file system access (Modal Volumes).
  • Sanitization: The skill uses list-based arguments for subprocess.run which prevents shell injection, but it does not sanitize or validate the internal contents of processed media files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 03:39 AM
Security Audit — agent-trust-hub — ffmpeg-modal-containers