motion
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Full Analysis
- Category 4: Unverifiable Dependencies (SAFE): The
init-motion.shscript installs the legitimate 'motion' package using standard package managers (npm, pnpm, yarn). No unverified external downloads or remote script executions (e.g., curl|bash) are present. - Category 5: Privilege Escalation (SAFE): The scripts do not use 'sudo' or modify file permissions in a way that would suggest privilege escalation.
- Category 6: Persistence (SAFE): No operations were found that attempt to establish persistence, such as modifying shell profiles or crontabs.
- Category 8: Indirect Prompt Injection (SAFE): While the skill can generate code files, the content is hardcoded templates and does not ingest or process untrusted external data.
- Category 10: Dynamic Execution (SAFE): The skill does not use 'eval', 'exec', or any runtime code compilation techniques; it strictly uses static code templates for project setup.
Audit Metadata