hyperframes-creative

Warn

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/package-loader.mjs implements a custom bootstrapper that downloads and installs Node.js packages using npm install into a temporary directory at runtime. This allows the skill to fetch external code not present at installation time.
  • [REMOTE_CODE_EXECUTION]: Combined with the dynamic installation mechanism, scripts/package-loader.mjs uses import() and spawnSync to execute the downloaded code. This behavior facilitates the execution of unverified external dependencies.
  • [COMMAND_EXECUTION]:
  • The skill executes the ffmpeg system command via subprocess.run in scripts/extract-audio-data.py to process media files.
  • The skill executes npm or npm.cmd via spawnSync in scripts/package-loader.mjs to manage dependencies.
  • [PROMPT_INJECTION]: The design and expansion workflows defined in references/prompt-expansion.md and references/design-picker.md involve interpolating untrusted user input directly into complex templates. This creates an attack surface for indirect prompt injection.
  • Ingestion points: User-provided headlines and sublines are interpolated into architecture previews in references/design-picker.md.
  • Boundary markers: Absent; the logic relies on simple token replacement (e.g., {{prompt_headline}}).
  • Capability inventory: The skill has significant capabilities including file system writes, network access (via npm), and shell command execution.
  • Sanitization: No automated sanitization is implemented for the interpolated content, though documentation mentions a manual rule against script tags.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 27, 2026, 11:29 PM
Security Audit — agent-trust-hub — hyperframes-creative