slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill defines several standard dependencies in requirements.txt including pillow, imageio, imageio-ffmpeg, and numpy. These are fetched from the official Python Package Index (PyPI) during installation.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through its handling of user-provided data.
- Ingestion points: The skill is designed to load and process user-uploaded images as described in SKILL.md using Image.open().
- Boundary markers: There are no explicit delimiters or system instructions provided to the agent to disregard potential instructions embedded in image metadata or text content within images.
- Capability inventory: The skill includes the ability to write files to the local system using imageio.v3.imwrite in core/gif_builder.py. It does not possess network or shell execution capabilities.
- Sanitization: There is no evidence of metadata sanitization or validation of the content within the ingested image files to prevent the agent from interpreting embedded text as instructions.
Audit Metadata