video-to-gif
Warn
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [External Dependencies] (LOW): The skill requires moviepy, Pillow, imageio, and numpy. These are trusted packages but process complex binary data formats which increase the attack surface.
- [Command Execution] (LOW): MoviePy executes FFmpeg commands; un-sanitized input parameters or filenames could potentially lead to command injection in the underlying implementation.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted video files which could contain malicious metadata or embedded instructions intended to influence the agent.
- [Unverifiable Logic] (MEDIUM): The core implementation file 'scripts/gif_workshop.py' is missing from the skill folder, making it impossible to audit the actual script for security vulnerabilities or malicious logic.
Audit Metadata