lottie-bodymovin
Pass
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: LOW
Full Analysis
- SAFE (SAFE): The skill contains technical documentation and standard React/JavaScript snippets for UI animation. No malicious code or exfiltration patterns were identified.
- INDIRECT_PROMPT_INJECTION (INFO): Vulnerability surface for indirect injection identified but presents negligible risk. Ingestion point: 'animation.json' via import statement. Boundary markers: Absent. Capability inventory: UI animation rendering via lottie-react. Sanitization: Relies on library-level JSON parsing. Severity is INFO because the data is used for display purposes only and does not influence agent reasoning or decision-making.
Audit Metadata