gifhorse
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones a software repository from an untrusted source: https://github.com/Coyote-git/gifhorse. While the skill author is noted as openclaw, the resources are hosted under a different GitHub user account.
- [REMOTE_CODE_EXECUTION]: The installation sequence includes `pip install -e .` within the cloned directory. This command executes the `setup.py` or build scripts of the downloaded repository, which constitutes execution of remote code from an unverified source.
- [COMMAND_EXECUTION]: The skill makes extensive use of shell commands for setup and operation, including `brew install ffmpeg-full` and various sub-commands of the `gifhorse` CLI tool, which interact with the local file system.
- [PROMPT_INJECTION]: The skill processes untrusted external data by downloading subtitles from online providers for transcription.
  - Ingestion points: Subtitles automatically fetched from third-party providers during the `transcribe` and `fetch-subtitles` operations.
  - Boundary markers: None identified in the prompt templates.
  - Capability inventory: File system read/write, network access for subtitle fetching, and subprocess execution via `gifhorse` and `ffmpeg`.
  - Sanitization: No evidence of sanitization for the dialogue content extracted from external subtitles before it is processed by the agent.
Audit Metadata