Auto Animate

Security checks across malware telemetry and agentic risk

Overview

This is a normal AutoAnimate documentation and setup bundle; the main caution is that its optional script installs a dependency and writes example files into a React project.

Install/use this skill as an AutoAnimate helper. Run scripts/init-auto-animate.sh only from the intended React project root, preferably with version control enabled, and review the resulting diff because it can overwrite example paths and add the current npm package version.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The auto-trigger list includes broad, common phrases such as "fade in fade out," "entry exit animations," "accessible animations," and generic framework/library combinations. In an agent skill-discovery system, these can cause unintended invocation in unrelated contexts, which creates prompt-routing risk: the wrong skill may be loaded and influence downstream code generation or troubleshooting. The skill context makes this somewhat more dangerous because it is designed for automatic discovery and contains many trigger phrases spanning errors, use cases, and integrations, increasing the chance of accidental activation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal