Skills
skills/winsorllc/upgraded-carnival/gifgrep/Gen Agent Trust Hub

gifgrep

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The functions extractStill and createContactSheet in gifgrep.js use execSync to run ffmpeg commands. Multiple parameters, including timestamp, width, columns, and output, are interpolated directly into the command string without sanitization. This allows an attacker to execute arbitrary shell commands by providing malicious input values.
  • [EXTERNAL_DOWNLOADS]: The download and request methods in gifgrep.js fetch content from arbitrary URLs provided at runtime. This creates an attack surface for downloading untrusted content onto the host system or performing Server-Side Request Forgery (SSRF) against internal network resources.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection.
  • Ingestion points: Data is ingested from external API responses (GIPHY and Tenor) via the search and getTrending functions in gifgrep.js.
  • Boundary markers: No delimiters or safety instructions are used when handling data retrieved from external GIF providers.
  • Capability inventory: The skill has the capability to execute shell commands via execSync, perform network operations via https.get, and write to the local filesystem.
  • Sanitization: There is no evidence of sanitization or validation of data retrieved from external APIs before it is potentially used in downstream operations or shell command interpolation.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 1, 2026, 05:11 AM