animated-video

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
  • [NO_CODE]: The skill is entirely instructional and does not bundle any executable scripts, binaries, or configuration files other than the SKILL.md definition.
  • [PROMPT_INJECTION]: The skill processes user-supplied descriptions to generate functional code (HTML/JS/CSS), which creates a surface for indirect prompt injection. Malicious instructions provided by a user could potentially influence the behavior of the generated scripts.
  • Ingestion points: User requests for animated explainers, intros, or motion graphics (SKILL.md).
  • Boundary markers: The skill lacks explicit delimiters or instructions for the agent to distinguish between animation requirements and potentially malicious commands in user input.
  • Capability inventory: The agent is authorized to generate self-contained HTML files with embedded JavaScript and CSS keyframes.
  • Sanitization: There are no instructions for validating, escaping, or filtering user-provided text before it is interpolated into the generated code.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 09:42 PM
Security Audit — agent-trust-hub — animated-video