hyperframes-cli
Pass
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses
npx hyperframesto run various development tasks such as project initialization, linting, visual inspection, and rendering. These are standard operations for a developer tool. - [EXTERNAL_DOWNLOADS]: The tool downloads project templates during the
initphase and fetches specialized AI models for tasks like text-to-speech, transcription, and background removal when first executed. It also manages a bundled version of the Chrome browser for rendering. - [DYNAMIC_EXECUTION]: Commands such as
inspectandrenderinvolve running local HTML and JavaScript code within a headless Chrome instance to generate or audit video frames. - [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of user-provided HTML files and command-line variables (
--variables). These inputs are executed in a browser environment during the rendering and inspection process, representing an attack surface for indirect injection. However, this is inherent to the tool's primary function of rendering web content.
Audit Metadata