Skills
skills/rdimascio/react-marketplace/performance-animator/Gen Agent Trust Hub

performance-animator

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHPROMPT_INJECTION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill exhibits a significant vulnerability surface by combining external data ingestion with sensitive write capabilities.
  • Ingestion points: The skill ingests untrusted content by using Read, Grep, and Glob tools to analyze React source code.
  • Boundary markers: Absent. The instructions do not define delimiters or provide clear rules to the agent to ignore embedded instructions found within the code being processed.
  • Capability inventory: The skill is granted Write and Edit tools, allowing it to modify the local environment based on its analysis of potentially malicious inputs.
  • Sanitization: Absent. No evidence of input validation or sanitization is present to prevent the agent from executing instructions hidden in comments or strings within the React components.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 01:36 PM