hyperframes-creative
Warn
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The script
scripts/package-loader.mjsimplements a custom bootstrapper that downloads and installs Node.js packages usingnpm installinto a temporary directory at runtime. This allows the skill to fetch external code not present at installation time. - [REMOTE_CODE_EXECUTION]: Combined with the dynamic installation mechanism,
scripts/package-loader.mjsusesimport()andspawnSyncto execute the downloaded code. This behavior facilitates the execution of unverified external dependencies. - [COMMAND_EXECUTION]:
- The skill executes the
ffmpegsystem command viasubprocess.runinscripts/extract-audio-data.pyto process media files. - The skill executes
npmornpm.cmdviaspawnSyncinscripts/package-loader.mjsto manage dependencies. - [PROMPT_INJECTION]: The design and expansion workflows defined in
references/prompt-expansion.mdandreferences/design-picker.mdinvolve interpolating untrusted user input directly into complex templates. This creates an attack surface for indirect prompt injection. - Ingestion points: User-provided headlines and sublines are interpolated into architecture previews in
references/design-picker.md. - Boundary markers: Absent; the logic relies on simple token replacement (e.g.,
{{prompt_headline}}). - Capability inventory: The skill has significant capabilities including file system writes, network access (via npm), and shell command execution.
- Sanitization: No automated sanitization is implemented for the interpolated content, though documentation mentions a manual rule against script tags.
Audit Metadata