website-to-hyperframes
Pass
Audited by Gen Agent Trust Hub on Apr 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external websites.
- Ingestion points: The agent reads captured website content from
capture/extracted/visible-text.txtandcapture/extracted/asset-descriptions.mdas described inreferences/step-1-capture.md. - Boundary markers: The instructions lack explicit boundary markers or directives to ignore instructions that might be embedded within the captured website text.
- Capability inventory: The agent has extensive capabilities including writing project files (
DESIGN.md,SCRIPT.md, HTML compositions) and executing shell commands (npx hyperframes) as detailed inSKILL.mdandreferences/step-7-validate.md. - Sanitization: There is no mention of sanitizing or filtering the captured content before it is used to generate design documents and narration scripts.
- [COMMAND_EXECUTION]: The workflow relies heavily on the execution of shell commands via
npx(e.g.,npx hyperframes capture,npx hyperframes lint,npx hyperframes render). While these are necessary for the skill's functionality, they provide a mechanism for code execution that could be exploited if the inputs (like URLs) are manipulated. - [EXTERNAL_DOWNLOADS]: The skill automatically downloads assets (images, SVGs, fonts, videos) from user-provided URLs into the local
capture/directory. Although this is the intended purpose, it involves fetching remote content from unverified sources.
Audit Metadata