slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is designed to process user-uploaded images, which serves as a potential ingestion point for indirect prompt injection attacks where malicious instructions are embedded in image content or metadata.
- Ingestion points:
uploaded = Image.open('file.png')inSKILL.md. - Boundary markers: Absent. The skill does not provide delimiters or warnings to the agent to ignore instructions found within user-provided image data.
- Capability inventory: File system writing (
builder.save), extensive image manipulation via Pillow, and frame optimization. - Sanitization: Absent. There is no logic provided to sanitize metadata or validate that the image does not contain textual instructions meant for the LLM.
- [Unverifiable Dependencies] (SAFE): The skill specifies standard, well-known Python packages (
pillow,imageio,numpy) for installation. These are considered trustworthy dependencies for the stated purpose of image processing. - [Data Exposure & Exfiltration] (SAFE): No patterns for accessing sensitive system files, environment variables, or performing unauthorized network requests were detected. File access is limited to the intended workflow of processing images.
- [Command Execution] (SAFE): The skill uses standard Python libraries for its operations. There is no use of
os.system,subprocess, or other methods to execute arbitrary shell commands. - [Dynamic Execution] (SAFE): No use of
eval(),exec(), or dynamic code generation was found in the provided workflow or utility descriptions.
Audit Metadata