skills/gen-verse/openclaw-rl/gifgrep/Gen Agent Trust Hub

gifgrep

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the agent to install the gifgrep binary from external, non-trusted sources: a Homebrew tap (steipete/tap/gifgrep) and a Go module (github.com/steipete/gifgrep/cmd/gifgrep@latest).
  • [COMMAND_EXECUTION]: The skill executes the gifgrep command to search for GIFs, interact with a TUI, and process images into stills or contact sheets. This involves running external binaries with user-controlled arguments.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from data retrieved via GIF provider APIs.
      • Ingestion points: Metadata such as titles and tags are fetched from Tenor and Giphy APIs (SKILL.md).
      • Boundary markers: No markers are defined to separate untrusted API data from the agent's instructions.
      • Capability inventory: The skill allows execution of the gifgrep binary and file system access to ~/Downloads (SKILL.md).
      • Sanitization: No sanitization is performed on the data retrieved from external GIF providers before processing or display.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 12, 2026, 02:37 AM