svelte-ui-animator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Indirect Prompt Injection (SAFE): The skill instructs the agent to analyze project files such as `package.json` and `tailwind.config.js` to identify existing setups and plan animations. While processing untrusted project files is a surface for indirect prompt injection, it is necessary for the skill's primary function and is mitigated by standard LLM guardrails.
  - Ingestion points: `src/routes/`, `package.json`, and `tailwind.config.js` in Phase 1 (Analyze).
  - Boundary markers: None explicitly mentioned in the instructions to the agent.
  - Capability inventory: File reading (analysis) and code generation/file writing (Phase 3: Implementation).
  - Sanitization: Not explicitly mentioned in the prompt logic.
- Metadata Consistency (SAFE): The `references/component-checklist.md` file contains example directory structures using Next.js patterns (e.g., `app/page.tsx`), while the overall skill and `SKILL.md` are focused on Svelte/SvelteKit. This appears to be a documentation template inconsistency rather than a deceptive practice or metadata poisoning.
Audit Metadata