nextjs-framer-motion-animations
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill instructions and associated scripts are dedicated to assisting developers with Next.js animations. Analysis of the bundled Node.js scripts shows they perform legitimate code auditing and scaffolding tasks without malicious side effects.
- [COMMAND_EXECUTION]: The skill leverages the Bash tool to execute local utility scripts such as audit-nextjs-motion.mjs and plan-motion-change.mjs. These scripts use Node.js spawnSync to coordinate analysis and do not expose the system to shell-based command injection or arbitrary execution of untrusted user input.
- [EXTERNAL_DOWNLOADS]: While the skill permits the use of package managers like npm and yarn to install animation libraries, these operations are restricted to well-known registries for standard development purposes. No unauthorized or suspicious remote code downloads were identified.
- [DATA_EXFILTRATION]: The skill scripts access the local filesystem exclusively to read project source files for analysis. No patterns were found that attempt to access sensitive system files or exfiltrate data to external servers.
- [PROMPT_INJECTION]: The skill's instructions are consistent with its stated purpose and do not contain any bypass markers, role-play injections, or instructions meant to override the AI agent's core safety guidelines.
- [SAFE]: The skill processes user-provided file paths via analysis scripts. Ingestion points: scripts/audit-nextjs-motion.mjs and scripts/inspect-motion-target.mjs. Boundary markers: None. Capability inventory: Local script execution via Bash tool and spawnSync. Sanitization: Regex-based pattern matching. The surface is used solely for static analysis of animation code.
Audit Metadata