hyperframes-captions
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands that incorporate variables like filenames and language codes. This creates a potential surface for command injection if inputs are not properly sanitized before being passed to the shell.
- Evidence: transcript-guide.md contains examples like
npx hyperframes transcribe <file>andcurl ... -F file=@audio.mp3. - Evidence: dynamic-techniques.md recommends running
python3 skills/gsap-effects/scripts/extract-audio-data.py audio.mp3. - [REMOTE_CODE_EXECUTION]: The skill uses the
npxutility to execute thehyperframespackage from the npm registry. While npm is a well-known service, this pattern involves the dynamic download and execution of code at runtime. - Evidence: Repeated instructions to use
npx hyperframes transcribein transcript-guide.md. - [PROMPT_INJECTION]: The skill processes external data (transcripts and audio files) to drive automated styling and animation logic. This architecture possesses a surface for indirect prompt injection, where malicious content embedded in a transcript could attempt to influence the agent's logic.
- Ingestion points: transcript.json, .srt files, .vtt files, and audio assets.
- Boundary markers: No explicit delimiters or boundary markers are defined for processed data.
- Capability inventory: Shell execution capabilities (npx, python3, curl) are available to the skill.
- Sanitization: The skill does not provide specific instructions or code for sanitizing input data before it is used in command arguments or processing logic.
Audit Metadata