Skills
skills/marclelamy/skills/hyperframes-cli/Gen Agent Trust Hub

hyperframes-cli

Pass

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructions utilize npx to download and execute the hyperframes package from the npm registry. This is an expected behavior for a CLI tool from a well-known package registry.
  • [PROMPT_INJECTION]: The skill describes a workflow where the agent ingests data from external sources, which creates a surface for indirect prompt injection.
  • Ingestion points: Output from npx hyperframes lint --json and npx hyperframes inspect --json (SKILL.md).
  • Boundary markers: Absent. No instructions are provided to the agent to treat the CLI output as untrusted or to ignore instructions contained within the JSON findings.
  • Capability inventory: Shell command execution via npx for scaffolding, rendering, and environment management tasks (SKILL.md).
  • Sanitization: Absent. The skill does not specify any validation or sanitization steps for the agent when interpreting the tool's output.
Audit Metadata
Risk Level
SAFE
Analyzed
May 5, 2026, 04:01 PM
Security Audit — agent-trust-hub — hyperframes-cli