slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): No security issues detected. The skill performs localized image processing tasks using standard libraries like Pillow and imageio.
- Data Exposure & Exfiltration (SAFE): No sensitive file access or network communication was detected. The skill only writes generated GIF files to the local file system as intended by its primary purpose.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The dependencies listed in requirements.txt (pillow, imageio, imageio-ffmpeg, numpy) are standard, well-known libraries for image processing. No dynamic code execution (eval/exec) or remote script fetching from untrusted sources was found.
- Indirect Prompt Injection (LOW): The skill possesses a surface for indirect prompt injection as it processes user-provided text and emojis, but the risk is negligible as these are rendered into image frames. Evidence Chain:
- Ingestion points: User-provided text, emojis, and colors in templates like flip.py and pulse.py.
- Boundary markers: Absent.
- Capability inventory: File write via imageio.imwrite in core/gif_builder.py.
- Sanitization: Absent, though inputs are rendered as pixels rather than interpreted as instructions.
Audit Metadata