ffmpeg
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a high-quality documentation resource for the FFmpeg toolkit. It follows security best practices by using generic placeholders (e.g., 'TOKEN', 'https://example.com') for sensitive parameters and remote URLs.
- [EXTERNAL_DOWNLOADS]: The skill mentions standard installation procedures using trusted system package managers such as Homebrew (brew), APT (apt), and DNF (dnf). It also references well-known media utilities like yt-dlp, ImageMagick, and Whisper.
- [COMMAND_EXECUTION]: Provides templates for shell commands and batch processing loops. These are strictly limited to the intended functionality of media manipulation and do not involve suspicious operations like exfiltration or persistence.
- [PROMPT_INJECTION]: The skill has a minimal attack surface for indirect prompt injection (Category 8). It involves processing external media files and HLS playlists.
- Ingestion points: External media files and HLS URLs referenced in FFmpeg commands (SKILL.md).
- Boundary markers: Not explicitly present in the provided templates.
- Capability inventory: Shell execution for media tools (ffmpeg, ffprobe) and temporary filesystem access for frame extraction (SKILL.md).
- Sanitization: Not explicitly documented, as the skill provides templates for standard tool usage.
Audit Metadata