animate
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `eval` command in `SKILL.md` to run the `manim` rendering tool. The arguments for that command, such as the scene class name, are extracted from a JSON file that an AI agent generates from the user's prompt. Because `eval` re-parses the assembled string as shell, a class name containing metacharacters such as semicolons or backticks allows shell command injection.
- [COMMAND_EXECUTION]: The core logic of the skill generates Python scripts from user prompts and executes them via the `manim` engine. Because `manim` runs these scripts as ordinary Python, any malicious logic that reaches the script through the prompt (file system operations, network requests) runs with the user's system permissions.
- [COMMAND_EXECUTION]: When it detects the Claude CLI for sub-agent tasks, the skill defaults to the `--dangerously-skip-permissions` flag. This disables the sub-agent's permission prompts, so it can execute harmful commands or modify files without user confirmation, which sharply increases the impact if the sub-agent is compromised via prompt injection.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. A crafted prompt could bypass the sub-agent's internal rules and force it to generate Python code that performs unauthorized actions when rendered by Manim.
- [EXTERNAL_DOWNLOADS]: The skill instructs users to install external dependencies (`manim`, `ffmpeg`, and `latex`) with standard package managers. These are well-known tools, but they form an external dependency chain the skill needs in order to operate.
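The first two findings share one root cause: agent-generated text reaches execution without validation. The following is an added example written for this audit summary, not code from the animate skill or from Gen Agent Trust Hub. It shows the `eval`-style injection through a scene name (with `echo` standing in for `manim` so it runs without Manim installed), the allow-list and argv-based fix, and a best-effort AST scan of a generated scene script for imports and builtins a rendering-only scene should never need. The JSON field names, the render command shape, the disallowed-module list and both sample scripts are assumptions constructed for the example; the page does not show the skill's actual JSON layout or scripts.

```python
"""Added example (not from the animate skill): validating agent-generated
scene names and screening generated Manim scripts before rendering."""
import ast
import json
import keyword
import subprocess

# Constructed sample of what an agent might emit if a prompt injection steers
# the scene name. Field names are assumed; the skill's JSON layout is not shown.
SAMPLE_JSON = '{"script": "scene.py", "scene": "Intro; echo INJECTED"}'

# "echo" stands in for "manim" so the demo runs without Manim installed.
RENDERER = "echo"


def scene_name_from_json(raw: str) -> str:
    """Pull the agent-chosen scene class name out of the generated JSON."""
    return json.loads(raw)["scene"]


def render_with_shell(scene: str) -> str:
    """Vulnerable: the name is re-parsed by /bin/sh, which is exactly what
    eval in SKILL.md does, so ';', backticks and $(...) become commands."""
    proc = subprocess.run(f"{RENDERER} manim render scene.py {scene}",
                          shell=True, capture_output=True, text=True, check=False)
    return proc.stdout


def is_safe_scene_name(scene: str) -> bool:
    """Allow-list: a Manim scene class name can only ever be a valid,
    non-keyword Python identifier, so accept nothing else."""
    return scene.isidentifier() and not keyword.iskeyword(scene)


def render_without_shell(scene: str) -> str:
    """Hardened: validate first, then pass the name as one argv element so no
    shell ever parses it."""
    if not is_safe_scene_name(scene):
        raise ValueError(f"refusing to render: bad scene name {scene!r}")
    proc = subprocess.run([RENDERER, "manim", "render", "scene.py", scene],
                          capture_output=True, text=True, check=False)
    return proc.stdout


# Modules and builtins a rendering-only scene has no business using (assumed
# list; tune it to what the skill's legitimate scenes actually import).
DISALLOWED_MODULES = {"os", "subprocess", "socket", "urllib", "requests",
                      "shutil", "pathlib", "http", "ctypes", "sys"}
DISALLOWED_CALLS = {"open", "exec", "eval", "__import__", "compile"}


def scan_scene_script(source: str) -> list[str]:
    """Return findings for disallowed imports/calls (empty list = nothing
    flagged). Static and best-effort: it will not catch every obfuscation,
    so it complements sandboxed rendering rather than replacing it."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] in DISALLOWED_MODULES:
                    findings.append(f"line {node.lineno}: import {alias.name}")
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] in DISALLOWED_MODULES:
                findings.append(f"line {node.lineno}: from {node.module} import ...")
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in DISALLOWED_CALLS:
                findings.append(f"line {node.lineno}: call to {func.id}()")
    return findings


# Constructed scene scripts for the scan; not from the page.
BENIGN_SCENE = """
from manim import Scene, Circle, Create

class Intro(Scene):
    def construct(self):
        self.play(Create(Circle()))
"""

INJECTED_SCENE = """
from manim import Scene, Text
import os, urllib.request

class Intro(Scene):
    def construct(self):
        urllib.request.urlopen("http://example.invalid/beacon")
        open(os.path.expanduser("~/.ssh/id_rsa")).read()
        self.add(Text("hi"))
"""


if __name__ == "__main__":
    scene = scene_name_from_json(SAMPLE_JSON)
    print(render_with_shell(scene))          # second output line is INJECTED
    try:
        render_without_shell(scene)
    except ValueError as err:
        print(err)
    print(scan_scene_script(INJECTED_SCENE))
```

Run as a script it prints the injected second line from the shell path, the refusal from the hardened path, and three findings for the injected scene. The identifier check is the real fix for the first finding; the AST scan only narrows the second, since a prompt-injected script can still hide capability behind attribute access or string tricks, which is why rendering should additionally run in a sandbox with no network and a throwaway working directory.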
Recommendations
- AI detected serious security threats
Audit Metadata