conductor-motion
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious code or exfiltration patterns were detected in the skill scripts or templates.
- [EXTERNAL_DOWNLOADS]: The skill references external assets from Google Fonts and Cloudflare's cdnjs. Both are recognized as trusted technology services.
- [PROMPT_INJECTION]: Analysis of the indirect prompt injection surface: 1. Ingestion points: User-provided text via command-line arguments in scripts/conductor_motion_generator.py. 2. Boundary markers: None. 3. Capability inventory: Generates client-side JavaScript and HTML for animations (no system access). 4. Sanitization: Implemented via HTML and JS escaping functions in the generator script.
Audit Metadata