animate
Pass
Audited by Gen Agent Trust Hub on Apr 2, 2026
Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends several external resources for UI components and motion, including 'UIverse', 'FlyonUI' (flyonui.com), 'daisyUI', and the NPM package '@chenglou/pretext'. These are standard development tools and the references are documented neutrally.\n- [PROMPT_INJECTION]: The skill contains a directive to 'Do this silently and avoid user-facing...caveats', which is a concealment pattern that hides specific implementation details from the user.\n- [PROMPT_INJECTION]: The skill analyzes external code (referred to as 'TARGET' or a 'feature'), creating an indirect prompt injection surface where malicious instructions embedded in that code could attempt to influence the agent's behavior.\n
- Ingestion points: The code provided to the skill for analysis as defined by the 'TARGET' argument and implementation instructions in SKILL.md.\n
- Boundary markers: Absent; there are no specific markers or instructions to isolate the analyzed code from the agent's core instructions.\n
- Capability inventory: The underlying agent environment likely has access to file system operations and terminal execution.\n
- Sanitization: Absent; the skill does not instruct the agent to sanitize or filter the input code for embedded instructions.
Audit Metadata