video-to-gif
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is susceptible to indirect prompt injection because it ingests untrusted data from video files and text overlay strings.
  - Ingestion points: Video source files and text parameters in methods like add_text and add_caption_bar as shown in SKILL.md.
  - Boundary markers: Absent in the provided documentation.
  - Capability inventory: The skill performs file system read and write operations via the moviepy dependency.
  - Sanitization: No evidence of input validation or sanitization for user-provided strings is provided.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill relies on well-known, versioned Python packages from standard registries.
  - Evidence: requirements.txt specifies moviepy, Pillow, imageio, and numpy, all of which are trusted libraries for media processing.
  - Note: The actual implementation script (scripts/gif_workshop.py) was not provided for a full security audit of the execution logic.
Audit Metadata