slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (INFO): The skill utilizes standard Python packages (pillow, imageio, imageio-ffmpeg, and numpy) from PyPI. These are common libraries for image and video processing.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill's ability to process user-uploaded images introduces a potential surface for indirect injection. 1. Ingestion points: User-uploaded image files via PIL (core/gif_builder.py). 2. Boundary markers: None present; the skill lacks explicit markers to distinguish between image data and potential embedded instructions. 3. Capability inventory: Local file writing (imageio.imwrite in core/gif_builder.py). No network or command execution capabilities are exposed. 4. Sanitization: Relies on the standard decoding logic within the Pillow library.
Audit Metadata