slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process user-provided images, which constitutes a surface for indirect prompt injection where malicious instructions could be embedded in metadata or visually within the image content.
- Ingestion points: The SKILL.md documentation describes a workflow for opening user-uploaded files using the PIL library.
- Boundary markers: No specific delimiters or instructions are provided to ensure the agent ignores semantic content or instructions found within the processed images.
- Capability inventory: The skill includes file-writing capabilities through the GIFBuilder.save method in core/gif_builder.py, which uses imageio.imwrite.
- Sanitization: The skill employs industry-standard libraries (Pillow and ImageIO) which provide secure decoding of image formats, but it lacks sanitization for potential semantic instructions.
Audit Metadata