ffmpeg

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes an explicit example that embeds an Authorization: Bearer TOKEN header directly in an ffmpeg command (ffmpeg -headers "Authorization: Bearer TOKEN\r\n"...), which is the insecure pattern of placing secrets verbatim on the command line and in generated output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly shows fetching public media (e.g., "ffmpeg -i 'https://example.com/playlist.m3u8'" in section 11 and the "yt-dlp -f bestvideo+bestaudio URL" mention in Related Tools) and then running a "Video Analysis (Sub-Agent Pattern)" where the agent reads synthesized text summaries from analyzed frames, meaning untrusted user-generated web content can be fetched and its extracted summaries interpreted and used to drive subsequent actions.