Trust Assessment
gifhorse received a trust score of 87/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 2 medium, and 1 low severity. Key findings include Unpinned Git Repository Installation, Destructive Command Exposure, and Potential Data Exfiltration via iMessage.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Unpinned Git Repository Installation.** The skill's installation command uses `git clone` without specifying a particular commit hash or version tag. This means it will always pull the latest version from the default branch. If the upstream repository is compromised, malicious code could be introduced into the user's environment without their explicit consent or knowledge, posing a supply chain risk. Pin the `git clone` command to a specific commit hash or version tag (e.g., `git clone -b v1.2.3 https://github.com/Coyote-git/gifhorse.git ~/gifhorse` or `git clone https://github.com/Coyote-git/gifhorse.git ~/gifhorse && cd ~/gifhorse && git checkout <commit_hash>`). This ensures deterministic and reproducible installations, mitigating risks from unexpected upstream changes. | LLM | SKILL.md:15 |
| MEDIUM | **Destructive Command Exposure.** The `gifhorse remove` command allows users to delete videos based on path patterns, including SQL LIKE wildcards. If an LLM is prompted to generate a broad or malicious pattern (e.g., `gifhorse remove '%'`), it could lead to significant and irreversible data loss on the user's system. While this is an intended feature of the tool, exposing such a powerful destructive command to an LLM without strong safeguards increases the risk of misuse or accidental data deletion. Implement strict validation and confirmation steps within the LLM's interaction flow before generating or executing `gifhorse remove` commands, especially for broad patterns. Consider adding a warning in the skill's documentation about the destructive nature of this command and advising caution when using it with LLMs. | LLM | SKILL.md:139 |
| LOW | **Potential Data Exfiltration via iMessage.** The `gifhorse create ... --send-to NUMBER` command allows sending generated GIFs to arbitrary phone numbers via iMessage. If a user is tricked by a malicious prompt into creating a GIF containing sensitive information (e.g., from their local video library) and sending it to an attacker's phone number, this could lead to data exfiltration. While the feature itself is legitimate, its exposure to an LLM creates a vector for social engineering attacks. Advise the LLM to always confirm the recipient's phone number with the user before generating a `--send-to` command, especially if the number is not already configured or is new. Emphasize that users should only send GIFs to trusted contacts and be mindful of the content's sensitivity. | LLM | SKILL.md:121 |
Full report: https://skillshield.io/report/97d050f75a8e09df (powered by SkillShield)