motion-graphics

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads geographic data and mapping libraries (MapLibre, TopoJSON) from trusted CDNs like cdn.jsdelivr.net to support its map-based graphics modules.
  • [COMMAND_EXECUTION]: The skill uses system utilities including ffmpeg, ffprobe, and node to process images, calculate coordinates, and render the final video files. These operations are performed within the expected scope of a video generation tool.
  • [REMOTE_CODE_EXECUTION]: During initialization, the skill uses npx hyperframes init to check for and apply updates to its core components from GitHub. This is a standard self-update mechanism for the HyperFrames toolset environment.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources such as webpages, news articles, and tweets to create dynamic content. This represents an indirect prompt injection surface where external text could attempt to influence the sub-agents; however, the design uses a structured intermediate representation (JSON) to separate content from logic, which effectively mitigates typical injection risks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 11:28 PM
Security Audit — agent-trust-hub — motion-graphics