motion
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- EXTERNAL_DOWNLOADS (SAFE): The `init-motion.sh` script facilitates the installation of the `motion` or `framer-motion` libraries via standard package managers (npm, pnpm, yarn). These are well-known, trusted packages from the official registry.
- COMMAND_EXECUTION (SAFE): Shell scripts are used for project initialization and code generation (scaffolding). The scripts use `mkdir` and `cat` to create a standard directory structure and provide template components. No arbitrary or high-risk command execution was detected.
- DATA_EXFILTRATION (SAFE): The scripts do not access sensitive file paths (like credentials or SSH keys) or perform network requests to non-whitelisted domains.
- PROMPT_INJECTION (SAFE): The provided documentation and React templates contain standard instructional content and code examples. There are no attempts to override agent instructions or bypass safety filters.
- INDIRECT PROMPT INJECTION (LOW):
  - Ingestion points: The script reads the local `package.json` file using `grep` to detect project frameworks.
  - Boundary markers: None present, as it is a shell script environment.
  - Capability inventory: Directory creation (`mkdir`), file writing (`cat`), and package installation (npm/yarn/pnpm).
  - Sanitization: The script only checks for the presence of specific framework strings (`"next"`, `"vite"`) and does not execute the contents of the file directly.