ffmpeg-usage
Warn
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The installation instructions require the use of 'sudo' to install system packages on Linux distributions, which involves privilege escalation.
- [COMMAND_EXECUTION]: The skill relies on the execution of shell commands for its core functionality, including complex processing pipelines using ffmpeg, ffprobe, and curl.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: The skill processes user-supplied media filenames, processing parameters, and timestamps (SKILL.md).
  - Boundary markers: There are no explicit boundary markers or instructions to ignore instructions embedded in the processed media metadata (SKILL.md).
  - Capability inventory: The skill has the capability to execute shell commands and perform local network requests (SKILL.md).
  - Sanitization: The skill lacks explicit sanitization or escaping logic for user input, such as filenames, which are directly interpolated into shell command strings (e.g., `ffmpeg -i "$i"`), posing a command injection risk.