
hyperframes

Warn

Audited by Gen Agent Trust Hub on May 5, 2026

Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The scripts/package-loader.mjs script facilitates the dynamic installation and execution of Node.js packages. It uses npm install to download dependencies into a temporary directory and then re-spawns the current process to load and run the code. While the script uses --ignore-scripts to mitigate some risks, runtime code installation and execution remains a significant vector.
  • [DATA_EXFILTRATION]: Instructions in references/design-picker.md direct the agent to host a local web server using python3 -m http.server. This command exposes the project's root directory on port 8723, potentially allowing any device on the local network to access project files, source code, or configuration data. Additionally, references/transcript-guide.md provides curl commands to send local audio files to external APIs for transcription.
  • [EXTERNAL_DOWNLOADS]: The skill downloads Node.js packages from the npm registry via scripts/package-loader.mjs. It also references external CDNs for GSAP and Lottie libraries and directs the agent to interact with external transcription services provided by OpenAI and Groq.
  • [COMMAND_EXECUTION]: The skill makes extensive use of system commands through its scripts and instructions. It executes npm, npx, python3, and curl to manage dependencies, perform contrast audits, map animations, and serve internal tool pages.
  • [PROMPT_INJECTION]: The skill processes untrusted external data that could contain malicious instructions designed to influence the agent's behavior.
      • Ingestion points: The skill reads design.md, transcript.json, and audio-data.json from the project directory to configure its output and timing.
      • Boundary markers: No explicit boundary markers or "ignore instructions" warnings are used when these data sources are interpolated into the agent's processing logic.
      • Capability inventory: The skill has access to file-system operations, network requests via curl, and arbitrary shell command execution through its maintenance and analysis scripts.
      • Sanitization: There is no evidence of content sanitization or validation beyond standard JSON parsing for the data ingested during the animation and captioning workflows.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 5, 2026, 04:01 PM