video-to-gif
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes system utilities including
ffmpeg,ffprobe, andgifsiclevia thesubprocess.run()function. It correctly passes arguments as a list of strings rather than usingshell=True, which is a standard security best practice to prevent shell injection vulnerabilities. User-provided inputs such as start/end times and GIF parameters are validated as specific types (float, int) by theargparsemodule, further reducing the risk of injection. - [DATA_EXPOSURE]: Analysis of the source code confirms that file access is restricted to the input video file provided by the user and the resulting GIF output files. The skill does not attempt to access sensitive system files (e.g., credentials, SSH keys) or environment variables.
- [REMOTE_CODE_EXECUTION]: The skill does not perform any network operations, download external scripts, or use dynamic execution functions like
eval()orexec(). It relies entirely on standard Python libraries and local system binaries. - [PROMPT_INJECTION]: The skill instructions in
SKILL.mdare purely functional and do not contain any patterns intended to bypass agent safety filters or override system instructions.
Audit Metadata