slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill utilizes standard, well-known Python packages including pillow, imageio, and numpy as defined in requirements.txt. These are sourced from the official Python Package Index (PyPI).
- [DATA_EXFILTRATION] (SAFE): Analysis of core/gif_builder.py and core/validators.py confirms that all data processing, including GIF assembly and validation, occurs locally on the system. No network-capable libraries (like requests or urllib) are imported or used.
- [COMMAND_EXECUTION] (SAFE): The skill does not use subprocess, os.system, or any other mechanism to interact with the system shell. All animation and drawing logic is implemented using pure Python and the Pillow library.
- [INDIRECT_PROMPT_INJECTION] (SAFE): The skill handles user-uploaded images as ingestion points (SKILL.md). Mandatory Evidence Chain: 1. Ingestion points: User-uploaded images via Image.open; 2. Boundary markers: Absent; 3. Capability inventory: Local file write via imageio.imwrite, no network or shell access; 4. Sanitization: Input is processed strictly as visual pixel data by PIL, which naturally sanitizes embedded text instructions.
Audit Metadata