animation-review
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): Setup instructions recommend storing the GEMINI_API_KEY in shell configuration files (~/.zshrc, ~/.bashrc). This common practice exposes the credential to all processes running in the user's environment.
- [EXTERNAL_DOWNLOADS] (LOW): The skill is installed from an untrusted GitHub repository (jaaaaaaaaaaack/custom-skills) via npx, and the instructions prompt for additional external dependencies such as ffmpeg and playwright.
- [DATA_EXFILTRATION] (LOW): The tool's primary function is to record and upload video of user interactions. Users should be aware that any sensitive data (e.g., passwords, private communications) visible during recording will be captured and sent to the Gemini API.
- [PROMPT_INJECTION] (LOW): The skill processes content from external URLs, creating a surface for indirect prompt injection where malicious website content could influence the AI's analysis.
  - Ingestion points: The url parameter in record_browser.py allows ingestion of untrusted external content.
  - Boundary markers: No boundary markers or delimiters are identified in the provided scripts to isolate external content.
  - Capability inventory: Includes browser automation via Playwright, video recording, and file system write access to /tmp.
  - Sanitization: No sanitization of the webpage content or interaction results is performed before recording or analysis.
Audit Metadata