fixing-motion-performance
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a set of educational and auditing guidelines for front-end performance (CSS, JS animations). It does not include any executable scripts, network requests, or sensitive file access.
- [PROMPT_INJECTION]: No evidence of prompt injection, jailbreak attempts, or instructions to bypass safety guardrails were found. The use of slash commands like
/fixing-motion-performanceis a standard pattern for triggering agent behavior. - [DATA_EXFILTRATION]: There are no patterns suggesting data exfiltration. The skill does not perform network operations (e.g., curl, fetch) or attempt to access credentials or environment variables.
- [COMMAND_EXECUTION]: The skill does not execute shell commands or use dangerous APIs like eval() or subprocess.run(). It provides code examples for the agent to use as a reference for providing suggestions to the user.
- [INDIRECT_PROMPT_INJECTION]: While the skill reviews external files provided by the user (an ingestion point for potential indirect injection), it lacks the capabilities (such as file-write, network access, or shell execution) to perform harmful actions even if malicious instructions were encountered in a processed file.
Audit Metadata