slack-gif-creator
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- Prompt Injection (SAFE): No patterns of instruction override or safety filter bypass were found in the provided files.
- Data Exposure & Exfiltration (SAFE): No sensitive file access or network communication detected.
- Obfuscation (SAFE): No encoded or hidden content found.
- Unverifiable Dependencies & Remote Code Execution (LOW): Uses trusted libraries from requirements.txt; imageio-ffmpeg may download binaries from a trusted source (imageio-ffmpeg-binaries) at runtime.
- Indirect Prompt Injection (LOW): 1. Ingestion points: User-provided text and emoji strings are ingested via object_data in various templates (e.g., templates/pulse.py). 2. Boundary markers: Absent. 3. Capability inventory: File writing is performed via imageio.imwrite in core/gif_builder.py. 4. Sanitization: Absent; content is rendered directly into image frames.
- Dynamic Execution (SAFE): No unsafe code execution or deserialization detected.
- Privilege Escalation (SAFE): No unauthorized permission requests found.
- Persistence Mechanisms (SAFE): No persistence attempts detected.
- Metadata Poisoning (SAFE): Metadata is consistent with functionality.
- Time-Delayed / Conditional Attacks (SAFE): No time-gated malicious logic found.
Audit Metadata