frontend-lottie
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [Privilege Escalation] (HIGH): The skill metadata requests 'allowed-tools: Bash (*)', granting the agent unrestricted shell access. This exceeds the necessary permissions for UI asset management and significantly increases the impact of a potential compromise.
- [Unverifiable Dependencies] (MEDIUM): The 'Quick Start' section suggests 'npm install @lottiefiles/dotlottie-react' without version pinning or integrity checks for a package outside the trusted developer scope.
- [Indirect Prompt Injection] (HIGH): The skill defines an ingestion surface for untrusted external data while the agent possesses high-privilege capabilities. 1. Ingestion points: .lottie and .json files from lottiefiles.com and other external sources. 2. Boundary markers: Absent. 3. Capability inventory: Bash (*), Edit, and Write tools are available to the agent. 4. Sanitization: Absent; no verification of downloaded content structure is suggested.
- [Data Exposure & Exfiltration] (LOW): Instructions involve connecting to non-whitelisted domains (lottiefiles.com, lordicon.com, useanimations.com) for asset downloads, creating a minor risk of unauthorized data transmission.
Recommendations
- AI detected serious security threats
Audit Metadata