Trust Assessment
ffmpeg-cli received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Missing required field: name", "Command Injection via FFmpeg Filter Graph", and "Data Exfiltration and Arbitrary File Access via FFmpeg Concat Demuxer".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via FFmpeg Filter Graph. The `watermark.sh` script directly embeds user-controlled input (`$POS`) into an FFmpeg filter graph string without proper sanitization. This allows a malicious user to inject arbitrary FFmpeg filters, including those capable of executing shell commands (e.g., `drawtext` filter with `%{exec:command}` or `$(command)` syntax). An attacker can craft the `$POS` argument to execute arbitrary commands on the system where the skill is run. Remediation: Sanitize the `$POS` variable to ensure it only contains expected coordinate values (e.g., `X:Y`). Use a regular expression to validate the input, such as `^[0-9]+:[0-9]+$`. Do not allow arbitrary strings to be inserted into FFmpeg filter graphs, as they are a common vector for command injection. | LLM | scripts/watermark.sh:30 |
| HIGH | Data Exfiltration and Arbitrary File Access via FFmpeg Concat Demuxer. The `merge.sh` script uses the FFmpeg `concat` demuxer with the `-safe 0` option. This option disables security checks, allowing FFmpeg to read and process arbitrary file paths specified in the input list (`$TEMP_LIST`). Since `$TEMP_LIST` is populated with user-provided filenames (`$@`), a malicious user can specify paths to sensitive system files (e.g., `/etc/passwd`, `/etc/shadow`) as input. These files would then be concatenated and potentially embedded into the output video, leading to data exfiltration if the output file is also user-controlled. Additionally, the script uses `echo "file '$f'"` to write filenames to the temporary list, which is vulnerable to single-quote injection if a filename contains a single quote, potentially leading to malformed FFmpeg input. Remediation: Avoid using `-safe 0` with the FFmpeg `concat` demuxer when processing untrusted input. If merging arbitrary files is necessary, implement strict validation to ensure all input file paths are within a designated, sandboxed directory and do not contain path traversal sequences (`..`). Additionally, ensure filenames written to the temporary list are properly escaped to prevent syntax errors (e.g., `printf "file '%s'\n" "$(echo "$f" | sed "s/'/'\\''/g")"`). | LLM | scripts/merge.sh:29 |
| MEDIUM | Missing required field: name. The `name` field is required for claude_code skills but is missing from the frontmatter. Remediation: Add a `name` field to the SKILL.md frontmatter. | Static | skills/ascendswang/ffmpeg-cli/SKILL.md:1 |
Full report: https://skillshield.io/report/9383fc368d8c6831