gif-search
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from third-party metadata retrieved via API calls.
- Ingestion point: gif-search.js parses response data from GIPHY and Tenor.
- Boundary markers: The skill output does not include delimiters or instructions for the agent to isolate external content.
- Capability inventory: The script uses the standard https module for network GET requests.
- Sanitization: No sanitization is performed on API-provided text such as titles or content descriptions.
- [SAFE]: Credential management uses environment variables and all network operations target well-known, trusted service domains.
Audit Metadata