slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill possesses a surface for indirect prompt injection because it ingests untrusted image data and has file-writing capabilities.
  - Ingestion points: The skill ingests user-provided images via PIL.Image.open as described in SKILL.md and implemented in core/validators.py.
  - Boundary markers: Absent. There are no delimiters or instructions provided to the agent to ignore potentially malicious text or commands visually embedded in uploaded images.
  - Capability inventory: The skill can write files to the local filesystem using imageio.imwrite within the GIFBuilder.save method in core/gif_builder.py.
  - Sanitization: Absent. The skill does not perform any content-based sanitization or OCR-based filtering on ingested images.
- SAFE (SAFE): No malicious behaviors such as credential exfiltration, unauthorized network connections, or persistence mechanisms were found. The skill utilizes well-known and trusted Python libraries.
- LOW (LOW): The skill is currently incomplete or broken. Multiple template files (e.g., templates/flip.py, templates/pulse.py, templates/spin.py) reference a missing internal module core.typography. Additionally, functions such as draw_emoji and draw_emoji_enhanced are imported from core.frame_composer in various templates but are not actually defined in the provided core/frame_composer.py file.
Audit Metadata