slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [General Security] (SAFE): The skill uses well-known image processing libraries (Pillow, imageio, numpy) for its core functionality. A thorough review of the code in core/ easing.py, frame_composer.py, gif_builder.py, and validators.py reveals no suspicious command execution, remote code triggers, or privilege escalation attempts.
- [Data Safety] (SAFE): Analysis found no hardcoded credentials, API keys, or access to sensitive file paths. The skill's file operations are restricted to processing images and saving the resulting GIF files, which is consistent with its stated purpose.
- [Indirect Prompt Injection] (SAFE): While the skill ingests user-uploaded images (an untrusted data surface), this is essential for its primary function. Evidence: (1) Ingestion points: Image loading via PIL in core/validators.py and as described in the SKILL.md workflow. (2) Boundary markers: Absent. (3) Capability inventory: Local file-writing via imageio.imwrite in core/gif_builder.py. (4) Sanitization: Input image data is processed through standard PIL routines. This is rated SAFE as the skill lacks high-risk capabilities like network access or shell execution that could be exploited via injection.
Audit Metadata