python-ffmpeg
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: Use of the
eval()function on untrusted file metadata. - File: references/ffmpeg-complete-recipes.md
- Evidence:
fps = eval(video_stream['r_frame_rate']) - Description: The recipe suggests using
eval()to parse ther_frame_ratestring returned byffmpeg.probe(). Because this metadata is read from an external media file, a specifically crafted file could contain malicious Python code in the frame rate field, leading to code execution when the file is probed. A safer alternative such asfractions.Fractionshould be used instead. - [COMMAND_EXECUTION]: Extensive use of shell commands via the
subprocessmodule. - Files: references/ffmpeg-advanced-patterns.md, references/ffmpeg-complete-recipes.md
- Description: The skill provides numerous examples using
subprocess.runandsubprocess.Popento executeffmpegandffprobe. While most examples correctly use list-based arguments to mitigate shell injection risks, the core functionality depends on executing external binaries with file paths as input. - [PROMPT_INJECTION]: Potential surface for indirect prompt injection via media metadata.
- Ingestion points: Media files are ingested and analyzed using
ffmpeg.probe,ffmpeg.input, andcv2.VideoCaptureacross all reference files. - Boundary markers: The instructions do not provide boundary markers or warnings to the agent about ignoring potential instructions embedded in media metadata.
- Capability inventory: The skill possesses capabilities to run subprocesses (
subprocess.run), manage files (shutil.rmtree), and perform network operations (RTMP/HLS streaming). - Sanitization: The recipes generally use
pathlibfor path management and list-based subprocess calls, which helps prevent direct command injection, but does not sanitize metadata content before processing.
Audit Metadata