gsap
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a development reference and utility for GSAP animations. No malicious patterns such as prompt injection, persistence, or data exfiltration were detected.
- [COMMAND_EXECUTION]: The script
scripts/extract-audio-data.pyutilizessubprocess.runto call theffmpegbinary for audio decoding. The command is constructed using a list of arguments without shell invocation (shell=False), which is a secure implementation for invoking local system tools for media processing. - [EXTERNAL_DOWNLOADS]: The
SKILL.mdandreferences/effects.mdfiles include HTML script tags that load GSAP and its plugins fromcdn.jsdelivr.net. These are standard, versioned references to a well-known public CDN for JavaScript libraries. - [DATA_EXFILTRATION]: Documentation in
references/effects.mdmentions loading JSON data viaXMLHttpRequest. This is described as a synchronous operation necessary for deterministic timeline construction in the FrameVideo rendering environment and does not involve exfiltration of sensitive user data.
Audit Metadata