gifgrep
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
gifgrepbinary from an external source. - Evidence: Installation instructions point to
steipete/tap/gifgrepvia Homebrew andgithub.com/steipete/gifgrep/cmd/gifgrep@latestvia Go. - [COMMAND_EXECUTION]: The skill relies on the execution of the external
gifgrepbinary to perform its core functions. - Evidence: The instructions utilize various
gifgrepsubcommands likesearch,tui,still, andsheetto process image data. - [DATA_EXPOSURE]: The skill accesses the local filesystem to save downloads.
- Evidence: The
--downloadflag is documented to save files to the~/Downloadsdirectory. - [CREDENTIALS_UNSAFE]: The skill references the use of API keys for GIF providers.
- Evidence: Documentation mentions
GIPHY_API_KEYandTENOR_API_KEYenvironment variables. This follows standard secure practices for credential management by not hardcoding secrets.
Audit Metadata