ffmpeg-command

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill focuses entirely on providing documentation and templates for generating FFmpeg command strings. It does not include any executable scripts or automation that would perform actions without user/agent intervention.
  • [DATA_EXPOSURE]: No hardcoded credentials, API keys, or access to sensitive local file paths (such as .ssh or .aws) were identified in any of the skill files.
  • [PROMPT_INJECTION]: The instructions do not contain patterns designed to bypass AI safety filters or override system-level constraints. The use of 'non-negotiable' language is used appropriately to ensure the agent reads the necessary reference documentation.
  • [EXTERNAL_DOWNLOADS]: The skill references documentation and house-style guides from the author's own domain (rendi.dev). This is consistent with the provided author context and does not represent a security risk.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes natural language descriptions to build shell commands. While it does not explicitly instruct the agent to sanitize user-provided filenames, this is a common characteristic of command-generation skills and represents a low risk within the intended use case.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 04:54 PM
Security Audit — agent-trust-hub — ffmpeg-command