implement_lenis_scroll

The skill implement_lenis_scroll was analyzed for potential security threats. The analysis covered prompt injection, data exfiltration, obfuscation, unverifiable dependencies, privilege escalation, persistence mechanisms, metadata poisoning, indirect prompt injection, and time-delayed attacks.

No prompt injection patterns were found in the skill's description or instructions. The language used is purely instructional and does not attempt to manipulate the AI's behavior.

There are no commands or code snippets that attempt to exfiltrate sensitive data (e.g., reading ~/.aws/credentials or ~/.ssh/id_rsa) or make network requests to non-whitelisted domains.

No obfuscation techniques such as Base64 encoding, zero-width characters, homoglyphs, or other forms of hidden content were detected.

The skill instructs the user to install lenis or @studio-freight/lenis via npm install. While npm install generally introduces an external dependency, these specific packages are widely recognized and used in the web development community for smooth scrolling. This is considered a standard and low-risk dependency for a skill of this nature. The skill itself does not execute these commands; it provides them as instructions for the user.

No privilege escalation attempts (e.g., sudo, chmod 777) or persistence mechanisms (e.g., modifying .bashrc, crontab) were found.

The skill's metadata (name, description) is clean and does not contain any hidden instructions or malicious content.

The skill does not process external, untrusted user input, so there is no risk of indirect prompt injection.

No time-delayed or conditional attack patterns were identified.

Overall, the skill is a benign set of instructions for integrating a common library, with no detectable security risks.