rive-web

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOW (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (LOW): The skill instructs users to install npm packages @rive-app/canvas and @rive-app/webgl. These are standard libraries for the Rive runtime, but they are not hosted within the predefined list of trusted organizations.
  • [INDIRECT_PROMPT_INJECTION] (LOW): The skill ingests external content in the form of .riv animation files.
      • Ingestion points: The src property in the Rive constructor (SKILL.md).
      • Boundary markers: Absent.
      • Capability inventory: Rendering to a browser canvas and manipulating state machine variables; no file system access or system command execution detected.
      • Sanitization: No validation or sanitization of the animation source URL is provided in the examples.
Audit Metadata
Risk Level: LOW
Analyzed: Feb 16, 2026, 01:15 PM