Trust Assessment
veo3-video-gen received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 12 findings: 5 critical, 6 high, 1 medium, and 0 low severity. Key findings include Arbitrary command execution, Unsafe deserialization / dynamic eval, Dangerous call: subprocess.run().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Manifest Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (12)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bluelyw/veo3-video-gen/scripts/generate_video.py:49 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bluelyw/veo3-video-gen/scripts/generate_video.py:72 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bluelyw/veo3-video-gen/scripts/generate_video.py:170 |
| CRITICAL | Arbitrary command execution: Python shell execution (os.system, subprocess). Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/bluelyw/veo3-video-gen/scripts/generate_video.py:195 |
| CRITICAL | FFmpeg concat list filename injection: The `ffmpeg_concat` function constructs a concat list file using `f"file '{p.as_posix()}'"`. If a user-controlled filename (derived from `args.filename`) contains a single quote, it can break out of the quoted path in the concat list, allowing injection of arbitrary FFmpeg commands or other directives that the concat demuxer will interpret. This can lead to arbitrary command execution via FFmpeg. The `p.as_posix()` string must be properly escaped for use within single quotes in the FFmpeg concat list file. A robust solution involves sanitizing `args.filename` to disallow special characters (like single quotes or path separators) or using a different method for concatenating videos that does not involve parsing a text file vulnerable to injection. | LLM | scripts/generate_video.py:160 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'extract_last_frame_png'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/bluelyw/veo3-video-gen/scripts/generate_video.py:72 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'ffmpeg_concat'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/bluelyw/veo3-video-gen/scripts/generate_video.py:170 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'ffmpeg_concat'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/bluelyw/veo3-video-gen/scripts/generate_video.py:195 |
| HIGH | Dangerous call: subprocess.run(). Call to 'subprocess.run()' detected in function 'require_bin'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/bluelyw/veo3-video-gen/scripts/generate_video.py:49 |
| HIGH | Arbitrary file write via crafted output filename: The skill uses `args.filename` (user-controlled input) to construct output paths for generated video segments (`segment_path`), last frame images (`last_frame_path`), and the final concatenated video (`final_output_path`). If `args.filename` contains path traversal sequences (e.g., `../../evil.mp4`), the skill can be coerced into writing files to arbitrary locations on the filesystem, potentially overwriting critical system files or writing to sensitive directories. Sanitize `args.filename` to prevent path traversal sequences (e.g., `..`, `/`) or restrict output files to a designated, sandboxed directory. Ensure that `Path(filename).resolve()` is used and checked against an allowed base directory, or simply disallow path separators in the filename. | LLM | scripts/generate_video.py:100 |
| HIGH | Arbitrary file read/upload via crafted reference image path: The skill accepts `--reference-image` arguments, which are treated as file paths and passed directly to `genai.upload_file()`. If a user provides a path with traversal sequences (e.g., `../../etc/passwd`), the skill could be tricked into reading and uploading arbitrary files from the filesystem to the Gemini API. This constitutes a data exfiltration risk. Sanitize `args.reference_image` paths to prevent path traversal sequences (e.g., `..`, `/`) or restrict reference images to a designated, sandboxed directory. Ensure that `Path(ref_img_path).resolve()` is used and checked against an allowed base directory. | LLM | scripts/generate_video.py:300 |
| MEDIUM | Unsafe deserialization / dynamic eval: Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/bluelyw/veo3-video-gen/scripts/generate_video.py:211 |
Full report: https://skillshield.io/report/04057bb1dd18163c