Trust Assessment
video-frames received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. The findings are "Unquoted user-controlled variable in ffmpeg filter graph allows command injection" (critical) and "User-controlled variables in ffmpeg arguments may allow injection" (high); both are in `scripts/frame.sh`.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Unquoted user-controlled variable in ffmpeg filter graph allows command injection | LLM | scripts/frame.sh:66 |
| HIGH | User-controlled variables in ffmpeg arguments may allow injection | LLM | scripts/frame.sh:64 |

CRITICAL: Unquoted user-controlled variable in ffmpeg filter graph allows command injection (scripts/frame.sh:66)

The `$index` variable, set directly from the user-supplied `--index` argument, is interpolated into the `ffmpeg` filter graph string `select=eq(n\,${index})` without validation or quoting. The scanner rates this as command injection leading to remote code execution, giving `0); rm -rf /; #` as an example payload. That severity holds as written only if the assembled command line is later handed to `eval` or `sh -c`: a POSIX shell does not re-parse metacharacters inside an expanded variable, so an unquoted `${index}` on its own produces extra `ffmpeg` arguments (after word splitting and pathname expansion), not a second shell command. Even without `eval`, the attacker still controls the filter-graph expression, and in that syntax `,` and `;` separate filters and filter chains, so additional filters can be appended after the closing `)`. The fix is the same in either case: reject any `--index` value that is not a non-negative integer before it reaches the `ffmpeg` command. Escaping arbitrary values according to `ffmpeg`'s filter-graph quoting rules is possible but error-prone; integer validation is the safe choice.

HIGH: User-controlled variables in ffmpeg arguments may allow injection (scripts/frame.sh:64)

The variables `$in`, `$time`, and `$out` come directly from user input and are passed to `ffmpeg` inside double quotes. Double quoting is stronger than the finding implies: the shell neither word-splits nor re-parses the contents of `"$in"`, so single quotes, backticks, and semicolons in the value stay literal, and the scanner's example path `video.mp4' -f lavfi -i 'nullsrc' -c:v copy -y /tmp/evil.mp4 #` reaches `ffmpeg` as a single argument rather than as extra options or a shell command. What double quoting does not prevent is injection at the `ffmpeg` level: a value beginning with `-` that lands in a positional slot (the output file) is parsed as an option, and `ffmpeg` treats `scheme:` prefixes such as `concat:` or `http://` as protocols, so an unvalidated `$in` can make it read files or URLs the caller never intended, while an unvalidated `$out` chooses where the frame is written. Remediation: validate every user-provided value. For paths, require that they do not start with `-` or contain `:`, canonicalize them (for example with `realpath`), and confine them to an expected directory; `-protocol_whitelist file` before `-i` additionally makes `ffmpeg` refuse non-file inputs. For `$time`, accept only `ffmpeg`'s time syntax (`[HH:]MM:SS[.fraction]` or plain seconds). Keep passing each value as its own double-quoted argument; `printf %q` is only needed when a command string is built for `eval`, which should be avoided altogether.
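Both findings reduce to the same control: validate `--index`, the timestamp and both paths before any of them reaches `ffmpeg`, then pass each as its own argument so nothing is ever re-parsed by a shell. The POSIX shell script below is an added example written for this review, not code from the video-frames skill or from SkillShield; the function names, the argv layout handed to `ffmpeg`, the `FRAME_DRY_RUN` switch and the policy of confining paths to an allowed root directory are assumptions.

```sh
#!/bin/sh
# Added example (not the project's code): strict input validation for a
# frame-extraction wrapper shaped like scripts/frame.sh. Function names,
# the ffmpeg argv layout and the "allowed root" policy are assumptions.
set -eu

# A frame index may only be a non-negative integer: the one value that can
# safely sit inside select=eq(n\,INDEX). No shell or filter-graph
# metacharacter survives this check ("0); rm -rf /; #", "-1", "1e3", "0x10"
# and the empty string are all rejected).
valid_index() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  return 0
}

# Seek position: [HH:]MM:SS or plain seconds, each with an optional fraction,
# i.e. the subset of ffmpeg's time syntax a CLI user actually needs.
valid_time() {
  case "$1" in
    ''|*[!0-9:.]*) return 1 ;;   # anything outside [0-9:.] (newlines included) fails
  esac
  printf '%s\n' "$1" |
    grep -Eq '^(([0-9]+:)?[0-5]?[0-9]:[0-5][0-9]|[0-9]+)(\.[0-9]+)?$'
}

# File paths: reject option-like ("-foo") and URL-like ("concat:...",
# "http://...") values, which ffmpeg would parse as an option or a protocol,
# then canonicalise the parent directory (resolving symlinks and "..") and
# require the result to sit under the allowed root $2. The file itself need
# not exist yet (output path); its parent directory must.
valid_path() {
  local p="$1" root="$2" parent resolved
  case "$p" in
    ''|-*|*:*) return 1 ;;
  esac
  parent=$(cd -- "$(dirname -- "$p")" 2>/dev/null && pwd -P) || return 1
  resolved="$parent/$(basename -- "$p")"
  case "$resolved" in
    "$root"/*) return 0 ;;
  esac
  return 1
}

# Validate everything first, then build ffmpeg's argv as separate positional
# parameters: a bad value can only be rejected, never executed. The -vf value
# mirrors the select=eq(n\,INDEX) filter from the finding; -protocol_whitelist
# makes ffmpeg refuse non-file inputs even if a path slipped through.
# With FRAME_DRY_RUN=1 the argv is printed (one element per line) instead of run.
extract_frame() {
  local src="$1" seek="$2" idx="$3" dst="$4" root="$5"
  valid_path  "$src" "$root" || { echo "frame.sh: invalid input path" >&2;  return 1; }
  valid_time  "$seek"        || { echo "frame.sh: invalid timestamp" >&2;   return 1; }
  valid_index "$idx"         || { echo "frame.sh: invalid frame index" >&2; return 1; }
  valid_path  "$dst" "$root" || { echo "frame.sh: invalid output path" >&2; return 1; }
  set -- ffmpeg -nostdin -protocol_whitelist file -ss "$seek" -i "$src" \
         -vf "select=eq(n\,$idx)" -frames:v 1 "$dst"
  if [ "${FRAME_DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$@"
  else
    "$@"
  fi
}
```

The root directory passed as the fifth argument must itself be canonical (for example `$(pwd -P)` of the working directory), since `valid_path` compares canonical paths against it textually. Rejecting `:` outright is deliberate: it rules out every `ffmpeg` protocol prefix at once at the cost of refusing the rare legitimate filename containing a colon.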
Report: https://skillshield.io/report/15cd29637d85364a
Powered by SkillShield