conductor-motion

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious code or exfiltration patterns were detected in the skill scripts or templates.
  • [EXTERNAL_DOWNLOADS]: The skill references external assets from Google Fonts and Cloudflare's cdnjs. Both are recognized as trusted technology services.
  • [PROMPT_INJECTION]: Analysis of the indirect prompt injection surface: 1. Ingestion points: User-provided text via command-line arguments in scripts/conductor_motion_generator.py. 2. Boundary markers: None. 3. Capability inventory: Generates client-side JavaScript and HTML for animations (no system access). 4. Sanitization: Implemented via HTML and JS escaping functions in the generator script.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 04:39 PM
Security Audit — agent-trust-hub — conductor-motion