claude-gif-optimize
Fail
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: HIGH (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The Error Handling section instructs the agent to suggest 'sudo apt install gifsicle'. This constitutes a privilege escalation risk by encouraging the agent or user to execute commands with root-level administrative permissions.
- [COMMAND_EXECUTION]: Strategy 6 utilizes shell command substitution "$(...)" to dynamically build arguments for the "gifsicle" command. This method, particularly when parsing output from external tools acting on untrusted input files (via "gifsicle --info"), creates a potential command injection vector.
- [REMOTE_CODE_EXECUTION]: The skill invokes local scripts "gif_convert.sh" and "gif_optimize.py" and utilizes a specific Python interpreter at "~/.video-skill/bin/python3". These files are external to the skill's source and their contents cannot be verified, posing a risk of executing unvetted code.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection through the processing of untrusted user-supplied GIF files.
  - Ingestion points: Metadata and file information are extracted from "INPUT.gif" using "ffprobe" and "gifsicle" in Step 2.
  - Boundary markers: There are no delimiters used to isolate or ignore embedded instructions within the ingested file data.
  - Capability inventory: The skill has extensive access to the "Bash" tool, which allows for file system modifications and execution of complex shell pipelines.
  - Sanitization: While Strategy 6 uses "grep" for basic filtering, most extracted metadata is used in reporting or command construction without comprehensive validation.
Recommendations
- AI detected serious security threats