skills/malue-ai/dazee-small/gifgrep/Gen Agent Trust Hub

gifgrep

Warn

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'gifgrep' binary from a third-party GitHub repository (steipete/gifgrep) using either Homebrew or the Go toolchain.
  • [COMMAND_EXECUTION]: The skill primarily functions by executing the gifgrep binary to perform searches, download files to the local file system (specifically ~/Downloads), and generate image sheets.
  • [PROMPT_INJECTION]: The skill processes untrusted metadata (such as titles, tags, and URLs) retrieved from external API providers (Tenor and Giphy), which creates a surface for indirect prompt injection.
      • Ingestion points: Search results and metadata fields (id, title, url, tags) returned from the Tenor and Giphy APIs.
      • Boundary markers: None identified; the agent is instructed to process the output of the command directly.
      • Capability inventory: The agent can execute the gifgrep binary and perform file system operations like downloading images to the user's directory.
      • Sanitization: No sanitization or validation of the external API content is specified in the skill instructions.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 28, 2026, 02:08 AM