device-framer

Fail

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/frame_video.py invokes the eval() function on the r_frame_rate string extracted from the input video's metadata using ffprobe. Because metadata can be manipulated in a crafted file, this creates a vector for arbitrary code execution within the agent's environment.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to call ffmpeg and ffprobe for video analysis and processing. While necessary for the skill's features, these calls facilitate the ingestion of untrusted data that eventually reaches the vulnerable eval() call.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 3, 2026, 08:40 PM
Security Audit — agent-trust-hub — device-framer