Trust Assessment
veo3-gen received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Command Injection via ffmpeg arguments, Arbitrary File Read and Write via User-Controlled Paths, Unpinned Dependencies for `uv run`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via ffmpeg arguments The skill description explicitly states that `ffmpeg` is used for stitching video segments. User-controlled arguments such as `--filename`, `--prompt`, `--base-style`, `--segment-prompt`, and `--reference-image` are passed to the `generate_video.py` script. If these arguments are directly interpolated into a shell command that invokes `ffmpeg` without proper sanitization or escaping, a malicious user could inject arbitrary shell commands. This could lead to remote code execution, data exfiltration, or system compromise. The `generate_video.py` script must ensure all user-provided inputs passed to `ffmpeg` or any other external command are properly sanitized and escaped. The safest approach is to use `subprocess.run()` with a list of arguments (e.g., `['ffmpeg', '-i', user_input_filename, ...]`) and `shell=False` to prevent shell interpretation. Additionally, validate and restrict file paths to prevent directory traversal. | LLM | SKILL.md:30 | |
| HIGH | Arbitrary File Read and Write via User-Controlled Paths The skill allows users to specify an output filename via `--filename "out.mp4"` and a reference image path via `--reference-image path.jpg`. If the `generate_video.py` script does not validate or restrict these paths, a malicious user could:
* **Read arbitrary files**: By providing paths to sensitive system files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) via `--reference-image`. While the `SKILL.md` does not explicitly show exfiltration, the ability to read arbitrary files by the skill's process creates a potential for data exfiltration if the image content is later processed or uploaded.
* **Write arbitrary files**: By providing an absolute path or a path with directory traversal sequences (`../`) via `--filename` to overwrite arbitrary files on the system. This could lead to denial of service or privilege escalation. The `generate_video.py` script must implement strict input validation for all user-provided file paths. Paths should be sanitized to prevent directory traversal (`../`) and restricted to a designated working directory or output folder. Absolute paths should generally be disallowed unless explicitly required and carefully validated. | LLM | SKILL.md:22 | |
| MEDIUM | Unpinned Dependencies for `uv run` The skill uses `uv run {baseDir}/scripts/generate_video.py`. The `SKILL.md` does not specify or imply pinned versions for the Python dependencies required by `generate_video.py`. Without pinned dependencies (e.g., in a `requirements.txt` or `pyproject.toml` with exact versions), there's a risk that future installations could pull in vulnerable or incompatible versions of libraries, leading to security issues (e.g., pulling a version with a known CVE) or runtime errors. Ensure that `generate_video.py`'s dependencies are explicitly pinned to exact versions in a `requirements.txt` or `pyproject.toml` file. Use a lock file mechanism (e.g., `uv lock`) to ensure reproducible and secure environments. | LLM | SKILL.md:19 |
Scan History
Embed Code
[](https://skillshield.io/report/35d1a86d5f97d7f4)
Powered by SkillShield