hyperframes-cli

Pass

Audited by Gen Agent Trust Hub on Jun 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses npx hyperframes to run various development tasks such as project initialization, linting, visual inspection, and rendering. These are standard operations for a developer tool.
  • [EXTERNAL_DOWNLOADS]: The tool downloads project templates during the init phase and fetches specialized AI models for tasks like text-to-speech, transcription, and background removal when first executed. It also manages a bundled version of the Chrome browser for rendering.
  • [DYNAMIC_EXECUTION]: Commands such as inspect and render involve running local HTML and JavaScript code within a headless Chrome instance to generate or audit video frames.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data in the form of user-provided HTML files and command-line variables (--variables). These inputs are executed in a browser environment during the rendering and inspection process, representing an attack surface for indirect injection. However, this is inherent to the tool's primary function of rendering web content.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 14, 2026, 06:40 AM
Security Audit — agent-trust-hub — hyperframes-cli