hyperframes-compose
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill references the GSAP library hosted on JSDelivr, a well-known and trusted content delivery network.
- [COMMAND_EXECUTION]: The instructions include usage of 'npx hyperframes lint' and 'npx hyperframes validate'. These are standard framework-specific development commands used for quality assurance of generated content.
- [DATA_EXFILTRATION]: No patterns of sensitive data access or exfiltration were found; the skill operates on local assets and public libraries.
- [PROMPT_INJECTION]: Instructions include 'Rules (Non-Negotiable)' to ensure framework consistency and deterministic output, which are benign instructional guidelines.
- [INDIRECT_PROMPT_INJECTION]: The skill processes user-provided HTML and media files. 1. Ingestion points: 'data-composition-src' attributes and media URLs. 2. Boundary markers: HTML structure and template tags. 3. Capability inventory: 'npx' command execution for framework linting. 4. Sanitization: Not explicitly mentioned in the instructions. The risk is minimized as the processing is confined to a video rendering environment.
Audit Metadata