Context-Inappropriate Capability
Medium
- Confidence: 98%
- Finding: The script automatically downloads an ffmpeg binary from the internet into `/tmp` and executes it, creating a supply-chain and arbitrary-code-execution risk if the remote source, transport, local temp path, or extracted artifact is compromised. This is especially dangerous because ffmpeg is a native executable run on the user's machine, and the behavior happens implicitly during normal subtitle rendering.
