Trust Assessment
slack-gif-creator received a trust score of 37/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 7 findings: 0 critical, 3 high, 4 medium, and 0 low severity. Key findings include Unpinned Python dependency version, Arbitrary File Read via Image.open, Arbitrary File Write via GIFBuilder.save.
The analysis covered 4 layers: dependency_graph, manifest_analysis, llm_behavioral_safety, static_code_analysis. The llm_behavioral_safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 15, 2026 (commit 3e75fabd). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (7)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Arbitrary File Read via Image.open: The skill explicitly demonstrates and uses `PIL.Image.open()` with user-controlled file paths. A malicious prompt could instruct the agent to open sensitive system files (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`). While the skill's current code primarily extracts metadata (dimensions, frame count), the act of opening and processing such files could lead to indirect data exfiltration (e.g., by reporting errors, dimensions, or other derived properties of the file's content) or denial of service if the file is corrupted during processing. Implement strict input validation and sandboxing for file paths. Only allow access to a designated, isolated directory for user-uploaded or generated files. Avoid passing arbitrary user-controlled paths directly to file I/O functions. | Unknown | SKILL.md:38 |
| HIGH | Arbitrary File Read via Image.open: The `validate_gif` function in `core/validators.py` uses `PIL.Image.open()` with a `gif_path` parameter, which is expected to be user-controlled. A malicious prompt could instruct the agent to open sensitive system files (e.g., `/etc/passwd`, `/root/.ssh/id_rsa`). While the function primarily extracts metadata (dimensions, frame count), the act of opening and processing such files could lead to indirect data exfiltration (e.g., by reporting errors, dimensions, or other derived properties of the file's content) or denial of service if the file is corrupted during processing. Implement strict input validation and sandboxing for file paths. Only allow access to a designated, isolated directory for user-uploaded or generated files. Avoid passing arbitrary user-controlled paths directly to file I/O functions. | Unknown | core/validators.py:30 |
| HIGH | Arbitrary File Write via GIFBuilder.save: The `GIFBuilder.save()` method accepts an `output_path` parameter, allowing the skill to write generated GIF files to any location on the filesystem accessible to the agent. A malicious prompt could instruct the agent to save a GIF to a sensitive system directory (e.g., `/etc/nginx/html/malicious.gif`, `/root/.bashrc`), potentially overwriting critical files, introducing malicious content, or leading to denial of service. Implement strict input validation and sandboxing for file paths. Only allow writing to a designated, isolated output directory. Do not allow arbitrary user-controlled paths for file saving. | Unknown | core/gif_builder.py:200 |
| MEDIUM | Unpinned Python dependency version: Requirement `pillow>=10.0.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Unknown | /tmp/skillscan-clone-m_mlnxwh/repo/skills/slack-gif-creator/requirements.txt:1 |
| MEDIUM | Unpinned Python dependency version: Requirement `imageio>=2.31.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Unknown | /tmp/skillscan-clone-m_mlnxwh/repo/skills/slack-gif-creator/requirements.txt:2 |
| MEDIUM | Unpinned Python dependency version: Requirement `imageio-ffmpeg>=0.4.9` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Unknown | /tmp/skillscan-clone-m_mlnxwh/repo/skills/slack-gif-creator/requirements.txt:3 |
| MEDIUM | Unpinned Python dependency version: Requirement `numpy>=1.24.0` is not pinned to an exact version. Pin Python dependencies with `==<exact version>`. | Unknown | /tmp/skillscan-clone-m_mlnxwh/repo/skills/slack-gif-creator/requirements.txt:4 |