gif-search
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill uses environment variables for the Tenor API key, adhering to best practices for secret management.
- [EXTERNAL_DOWNLOADS]: Fetches media and configuration from official Tenor/Google API endpoints (tenor.googleapis.com), which is a well-known and trusted service.
- [PROMPT_INJECTION]: The skill processes external data from the Tenor API, creating a surface for potential indirect prompt injection through search results (titles/tags). However, given the specific context of retrieving media URLs, this is considered a negligible risk surface. • Ingestion points: API responses processed in SKILL.md. • Boundary markers: None present. • Capability inventory: Shell execution (curl, jq), file-write (-o). • Sanitization: JSON results are parsed with jq, but text fields are not sanitized.
Audit Metadata