motion-canvas-agent

Pass

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by extracting and processing text labels from the Motion Canvas scene graph.
    • Ingestion points: The GET /__agent/scene-graph endpoint in assets/agent-plugin.ts retrieves data from the browser context using the serializeNode function in assets/agent-client.ts.
    • Boundary markers: The output format does not utilize boundary markers to distinguish extracted scene text from agent instructions.
    • Capability inventory: The skill provides capabilities for seeking frames, controlling playback, modifying project settings (size, background), and triggering file rendering.
    • Sanitization: The assets/agent-client.ts file includes basic sanitization that strips control characters and truncates extracted text to 100 characters to mitigate malformed input risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 23, 2026, 07:49 AM