motion-graphics
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes local command-line tools including ffmpeg, ffprobe, and npx hyperframes to process video assets and perform rendering operations. These operations are restricted to the project workspace and are functional requirements for media production.
- [EXTERNAL_DOWNLOADS]: The skill fetches libraries and data from well-known content delivery networks, specifically cdn.jsdelivr.net for MapLibre and TopoJSON, and arcgisonline.com for geographic tiles. These resources are from established service providers and are used according to standard development practices.
- [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface (Category 8) when handling data from external URLs, news articles, or social media posts.
  - Ingestion points: Data is ingested from user-provided URLs and external search results during the sourcing phase.
  - Boundary markers: Prompts for subagents do not utilize explicit delimiters to segregate untrusted source data from system instructions.
  - Capability inventory: The agent can perform network requests and execute shell-based rendering commands.
  - Sanitization: There is no dedicated validation or sanitization layer for external content prior to its inclusion in generated HTML templates.
Audit Metadata