slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): The skill contains no instructions designed to override system prompts, bypass safety filters, or extract internal instructions. Natural instructional language is used appropriately for its intended purpose.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, API keys, or sensitive file paths were detected. The skill performs local image processing and does not include any network-related code (e.g., requests, curl) that could facilitate data exfiltration.
- Obfuscation (SAFE): The source code is clean and readable. No multi-layer Base64, zero-width characters, homoglyphs, or other obfuscation techniques are present.
- Unverifiable Dependencies (SAFE): All dependencies (Pillow, imageio, numpy) are standard, reputable packages from the official PyPI registry used correctly for the skill's functionality.
- Privilege Escalation & Persistence (SAFE): The skill does not use
sudo, modify system files, or attempt to establish persistence through shell profiles or cron jobs. - Indirect Prompt Injection (SAFE): The skill accepts user-uploaded images for processing, but it lacks the capability to parse or execute instructions that might be embedded within that data (e.g., it does not perform OCR or follow text instructions found inside images).
- Dynamic Execution (SAFE): No use of
eval(),exec(), or dynamic loading of untrusted modules was found. The logic for generating GIF frames is purely programmatic using the Pillow library.
Audit Metadata