helios-core

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Flagged categories: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill documentation describes data ingestion surfaces that could be used for indirect prompt injection.
      • Ingestion points: Data enters the agent context through the inputProps, schema, and captions fields in SKILL.md.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands within the ingested data are identified.
      • Capability inventory: Capabilities are limited to video engine state, animation logic, and timeline control (packages/core/src/index.ts). No high-risk capabilities such as shell execution, filesystem access, or network exfiltration were detected.
      • Sanitization: Structural validation is performed using a JSON schema for input properties, but semantic sanitization for instructions is not described.
  • [EXTERNAL_DOWNLOADS]: The registerStabilityCheck method enables the engine to handle asynchronous asset loading, such as fetching JSON data or models (e.g., fetch('/data.json')), which is a necessary function for rendering engine stability and asset management.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 02:35 PM