frame-light-leak-cinema

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill incorporates user-provided text for titles, subtitles, and metadata into a visual frame.
      • Ingestion points: User input is used to populate the content of the generated HTML document as described in SKILL.md.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the template logic.
      • Capability inventory: The skill generates HTML, CSS, and SVG code for rendering.
      • Sanitization: There is no mention of sanitizing or escaping the user-provided content before it is interpolated into the HTML.
  • [COMMAND_EXECUTION]: The skill generates HTML and CSS code at runtime to create the visual frames, which includes loading the Tailwind CSS framework.
  • [SAFE]: The skill fetches fonts from Google Fonts and the Tailwind CSS library from a CDN, which are established and well-known technology services.
  • [SAFE]: The skill references an upstream repository on GitHub belonging to the author nexu-io.
Audit Metadata
Risk Level: SAFE
Analyzed: May 20, 2026, 05:42 PM