slack-gif-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-privilege attack surface by combining untrusted data ingestion with file-modification capabilities.
- Ingestion points: SKILL.md instructs the agent to load and process user-provided image files using PIL.Image.open().
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore or isolate instructions potentially embedded in image content or metadata.
- Capability inventory: The GIFBuilder.save method in core/gif_builder.py uses imageio.imwrite to write data to the filesystem at paths designated by the agent.
- Sanitization: The skill lacks validation or sanitization logic to detect or neutralize adversarial instructions that might be interpreted by an agent's vision or metadata-processing layers during image analysis.
Recommendations
- AI detected serious security threats
Audit Metadata