Skills
skills/nexu-io/open-design/hyperframes/Gen Agent Trust Hub

hyperframes

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses scripts/package-loader.mjs to download and install necessary npm dependencies like @hyperframes/producer and sharp. The process is guarded by version pinning and the --ignore-scripts flag to prevent malicious lifecycle script execution.\n- [REMOTE_CODE_EXECUTION]: Project rendering and media transcription tasks are performed using npx to run HyperFrames CLI subcommands, which dynamically download and execute code from the npm registry.\n- [COMMAND_EXECUTION]: Various shell utilities including openssl, jq, and date are used within the workflow to manage project assets and provide unique identifiers for caching mechanisms.\n- [PROMPT_INJECTION]: The skill ingests user-provided text for generating voiceovers and captions. This text is processed within the browser-based rendering engine, representing a standard indirect prompt injection surface for media tools.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 01:13 AM