python-ffmpeg

Warn

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Use of the eval() function on untrusted file metadata.
  • File: references/ffmpeg-complete-recipes.md
  • Evidence: fps = eval(video_stream['r_frame_rate'])
  • Description: The recipe suggests using eval() to parse the r_frame_rate string returned by ffmpeg.probe(). Because this metadata is read from an external media file, a specifically crafted file could contain malicious Python code in the frame rate field, leading to code execution when the file is probed. A safer alternative such as fractions.Fraction should be used instead.
  • [COMMAND_EXECUTION]: Extensive use of shell commands via the subprocess module.
  • Files: references/ffmpeg-advanced-patterns.md, references/ffmpeg-complete-recipes.md
  • Description: The skill provides numerous examples using subprocess.run and subprocess.Popen to execute ffmpeg and ffprobe. While most examples correctly use list-based arguments to mitigate shell injection risks, the core functionality depends on executing external binaries with file paths as input.
  • [PROMPT_INJECTION]: Potential surface for indirect prompt injection via media metadata.
  • Ingestion points: Media files are ingested and analyzed using ffmpeg.probe, ffmpeg.input, and cv2.VideoCapture across all reference files.
  • Boundary markers: The instructions do not provide boundary markers or warnings to the agent about ignoring potential instructions embedded in media metadata.
  • Capability inventory: The skill possesses capabilities to run subprocesses (subprocess.run), manage files (shutil.rmtree), and perform network operations (RTMP/HLS streaming).
  • Sanitization: The recipes generally use pathlib for path management and list-based subprocess calls, which helps prevent direct command injection, but does not sanitize metadata content before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 13, 2026, 03:39 AM
Security Audit — agent-trust-hub — python-ffmpeg