gifgrep
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [NO_CODE]: The skill package is documentation-only and does not provide any executable files, scripts, or installation logic for the gifgrep tool.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it involves the agent processing data from external providers. \n- Ingestion points: GIF titles, tags, and metadata from Tenor and Giphy APIs. \n- Boundary markers: None mentioned in the usage documentation. \n- Capability inventory: Local command execution of gifgrep and file system writes to ~/Downloads. \n- Sanitization: No sanitization of provider-sourced metadata is described.
- [SAFE]: No evidence of malicious intent, obfuscation, or unauthorized data access was detected in the provided instructional content.
Audit Metadata