skills/chanjing-ai/framevideo/gsap/Gen Agent Trust Hub

gsap

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill serves as a development reference and utility for GSAP animations. No malicious patterns such as prompt injection, persistence, or data exfiltration were detected.
  • [COMMAND_EXECUTION]: The script scripts/extract-audio-data.py utilizes subprocess.run to call the ffmpeg binary for audio decoding. The command is constructed using a list of arguments without shell invocation (shell=False), which is a secure implementation for invoking local system tools for media processing.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md and references/effects.md files include HTML script tags that load GSAP and its plugins from cdn.jsdelivr.net. These are standard, versioned references to a well-known public CDN for JavaScript libraries.
  • [DATA_EXFILTRATION]: Documentation in references/effects.md mentions loading JSON data via XMLHttpRequest. This is described as a synchronous operation necessary for deterministic timeline construction in the FrameVideo rendering environment and does not involve exfiltration of sensitive user data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 12:12 PM
Security Audit — agent-trust-hub — gsap