interactive-states
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The 'Agent Workflow (MANDATORY)' section uses strong directive language to prescribe a specific multi-agent setup using the
TeamCreatetool. While this overrides default agent behavior to enforce a particular development process, it is focused on task orchestration and codebase exploration rather than bypassing safety filters or security protocols. - [EXTERNAL_DOWNLOADS]: The skill references the
framer-motionpackage (version 11), which is a standard and well-known animation library for React development. - [INDIRECT_PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection because it instructs the agent to process untrusted data from an external codebase.
- Ingestion points: The skill utilizes
Read,Glob, andGreptools to examine existing code patterns in the local environment. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to ignore potentially malicious content found within the files it reads.
- Capability inventory: The skill allows for
WriteandEditoperations, which could be exploited if the agent is successfully manipulated by malicious content in the codebase. - Sanitization: No automated sanitization or validation of the ingested code content is performed before the agent acts upon it.
Audit Metadata