skills/laststance/skills/gif-analyzer/Gen Agent Trust Hub

gif-analyzer

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill processes untrusted external data (GIF files) and provides the output to the agent for interpretation.
      • Ingestion points: The <gif_path> provided by the user is passed to the extract_gif_frames.py script.
      • Boundary markers: None. The instructions do not specify delimiters for the extracted data.
      • Capability inventory: The skill uses python3 to execute a local script, reads from the file system, and writes extracted frames/metadata to disk.
      • Sanitization: The script performs a basic check for the .gif extension, but does not sanitize the content of the GIF itself (metadata or visual content), which could contain adversarial instructions intended to influence the agent.
  • [Command Execution] (LOW): The skill invokes a local Python script using python3 with arguments derived from user input (gif_path). While the script performs a suffix check, it does not prevent the agent from attempting to read sensitive files if they are renamed with a .gif extension.
  • [External Downloads] (LOW): The documentation recommends installing the Pillow package via pip. This is a standard image processing library but constitutes an external dependency requirement.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 08:41 AM