gifgrep

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the gifgrep binary from an external source.
  • Evidence: Installation instructions point to steipete/tap/gifgrep via Homebrew and github.com/steipete/gifgrep/cmd/gifgrep@latest via Go.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the external gifgrep binary to perform its core functions.
  • Evidence: The instructions utilize various gifgrep subcommands like search, tui, still, and sheet to process image data.
  • [DATA_EXPOSURE]: The skill accesses the local filesystem to save downloads.
  • Evidence: The --download flag is documented to save files to the ~/Downloads directory.
  • [CREDENTIALS_UNSAFE]: The skill references the use of API keys for GIF providers.
  • Evidence: Documentation mentions GIPHY_API_KEY and TENOR_API_KEY environment variables. This follows standard secure practices for credential management by not hardcoding secrets.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — gifgrep