manim

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • PROMPT_INJECTION (HIGH): The skill defines patterns for interpolating external strings into Manim mobjects (e.g., MathTex, Text), creating a significant indirect prompt injection surface. (1) Ingestion points: references/latex.md (MathTex calls) and references/mobjects.md (Text mobjects). (2) Boundary markers: Absent in all code examples. (3) Capability inventory: Command execution via the manim CLI (documented in SKILL.md) and arbitrary Python script execution. (4) Sanitization: No sanitization or validation logic is provided for external content.
  • COMMAND_EXECUTION (MEDIUM): The skill promotes a workflow involving the execution of shell commands using the manim CLI tool on dynamically generated scripts, which presents a risk of dynamic code execution if the agent is influenced by malicious instructions.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill depends on the manim Python package (>=0.19.0) from a non-whitelisted GitHub organization (ManimCommunity), which does not qualify for trusted-source status.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 15, 2026, 10:12 PM