gif-analyzer
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill documentation in `SKILL.md` describes a process where user-supplied file paths are parsed and interpolated into a shell command for the `extract_gif_frames.py` script. This represents an indirect prompt injection surface where a maliciously crafted path could lead to arbitrary command execution if not properly sanitized by the agent.
  - Ingestion points: File paths provided by the user as part of the `/gif` command (identified in `SKILL.md`).
  - Boundary markers: Absent. No instructions are provided to the agent to treat the input as untrusted or to use delimiters.
  - Capability inventory: The skill utilizes shell command execution via `python3` and file system writes for extracted frames and metadata.
  - Sanitization: Absent. No validation or escaping instructions for the `<gif_path>` variable are included in the skill.
- [EXTERNAL_DOWNLOADS]: The skill's troubleshooting section suggests installing the `Pillow` library via `pip`. `Pillow` is a widely recognized and well-known image processing library.
Audit Metadata