技能 faceless-explainer 审计历史
📦

审计历史

faceless-explainer - 2 审计

审计版本 2

最新 中风险

Jun 30, 2026, 02:55 AM

Static analysis reported 1059 issues and a critical heuristic, but review found no prompt injection, credential exfiltration, or malicious intent. Most alerts are markdown backticks, relative documentation paths, color parsing, or RegExp.exec false positives. Confirmed risks are legitimate HyperFrames workflow privileges: local scripts, project filesystem writes, an environment-controlled audio engine override, and generated HTML that loads GSAP from a CDN.

17
已扫描文件
3,233
分析行数
12
发现项
codex
审计者
中风险问题 (3)
scripts/audio.mjs:23scripts/audio.mjs:71scripts/audio.mjs:85
Local Subprocess Invocation for Audio Pipeline
The audio adapter imports child_process and uses spawnSync to run a Node-based shared media audio engine. This is expected for narration, BGM, and SFX generation, and arguments are passed as an array without shell interpolation. It still creates a local command execution surface when users run the workflow, especially because HF_MEDIA_ENGINE can override the engine path.
scripts/build-frame.mjs:147scripts/build-frame.mjs:260scripts/audio.mjs:155scripts/captions.mjs:165scripts/captions.mjs:178scripts/assemble-index.mjs:348
Project Filesystem Modification by Workflow Scripts
Several scripts write generated project artifacts such as frame.md, caption HTML, caption metadata, audio metadata, and index.html. This is necessary for HyperFrames rendering, but users should run it only in the intended video project directory because the scripts accept project paths from CLI arguments.
scripts/assemble-index.mjs:323scripts/captions.mjs:452
Generated HTML Loads External GSAP CDN Script
The generated index and fallback captions HTML include GSAP from jsDelivr. This is a normal rendering dependency, but it introduces a runtime network and supply-chain dependency unless the environment pins or vendors the asset.
低风险问题 (4)
SKILL.md:32SKILL.md:92references/story-design.md:215
Markdown Backtick Command Alerts Are False Positives
Many external command alerts come from markdown code formatting and workflow instructions, not hidden Ruby backtick execution. The cited lines describe commands users may run as part of the HyperFrames workflow.
scripts/lib/storyboard.mjs:107scripts/lib/tokens.mjs:27scripts/transitions.mjs:76
Regex exec Alerts Are False Positives
The script findings labeled as Python exec or process exec are RegExp.exec calls used for parsing headings, colors, and transition HTML. These do not execute code.
SKILL.md:191SKILL.md:192references/story-design.md:5
Path Traversal Alerts Are Documentation Relative Paths
Several path traversal alerts refer to documentation links such as ../hyperframes-core and ../hyperframes-animation. These are intended skill reference paths, not code that reads arbitrary parent directories.
scripts/lib/tokens.mjs:27scripts/lib/tokens.mjs:107references/visual-design.md:58
Weak Cryptography Alerts Are Color and Design Vocabulary
The weak cryptography alerts are caused by terms such as hex colors, chroma, blur, and visual design language. I did not find hashing, encryption, or cryptographic verification code in the reviewed context.

风险因素

⚙️ 外部命令 (6)
scripts/audio.mjs:23 scripts/audio.mjs:85 SKILL.md:32 SKILL.md:92 SKILL.md:109 SKILL.md:151
📁 文件系统访问 (9)
scripts/build-frame.mjs:27-28 scripts/build-frame.mjs:147 scripts/build-frame.mjs:260 scripts/audio.mjs:70 scripts/audio.mjs:155 scripts/captions.mjs:165 scripts/captions.mjs:178 scripts/captions.mjs:202 scripts/assemble-index.mjs:348
🔑 环境变量 (1)
scripts/audio.mjs:71
🌐 网络访问 (2)
scripts/assemble-index.mjs:323 scripts/captions.mjs:452
⚡ 包含脚本 (5)
scripts/build-frame.mjs:1 scripts/audio.mjs:1 scripts/captions.mjs:1 scripts/transitions.mjs:1 scripts/assemble-index.mjs:1

检测到的模式

child_process.spawnSync UsageEnvironment-Controlled Engine PathHardcoded External Script URL

审计版本 1

中风险

Jun 27, 2026, 09:04 AM

Static analysis reported 1059 issues and a critical heuristic, but review found no prompt injection, credential exfiltration, or malicious intent. Most alerts are markdown backticks, relative documentation paths, color parsing, or RegExp.exec false positives. Confirmed risks are legitimate HyperFrames workflow privileges: local scripts, project filesystem writes, an environment-controlled audio engine override, and generated HTML that loads GSAP from a CDN.

17
已扫描文件
3,233
分析行数
12
发现项
codex
审计者
中风险问题 (3)
scripts/audio.mjs:23scripts/audio.mjs:71scripts/audio.mjs:85
Local Subprocess Invocation for Audio Pipeline
The audio adapter imports child_process and uses spawnSync to run a Node-based shared media audio engine. This is expected for narration, BGM, and SFX generation, and arguments are passed as an array without shell interpolation. It still creates a local command execution surface when users run the workflow, especially because HF_MEDIA_ENGINE can override the engine path.
scripts/build-frame.mjs:147scripts/build-frame.mjs:260scripts/audio.mjs:155scripts/captions.mjs:165scripts/captions.mjs:178scripts/assemble-index.mjs:348
Project Filesystem Modification by Workflow Scripts
Several scripts write generated project artifacts such as frame.md, caption HTML, caption metadata, audio metadata, and index.html. This is necessary for HyperFrames rendering, but users should run it only in the intended video project directory because the scripts accept project paths from CLI arguments.
scripts/assemble-index.mjs:323scripts/captions.mjs:452
Generated HTML Loads External GSAP CDN Script
The generated index and fallback captions HTML include GSAP from jsDelivr. This is a normal rendering dependency, but it introduces a runtime network and supply-chain dependency unless the environment pins or vendors the asset.
低风险问题 (4)
SKILL.md:32SKILL.md:92references/story-design.md:215
Markdown Backtick Command Alerts Are False Positives
Many external command alerts come from markdown code formatting and workflow instructions, not hidden Ruby backtick execution. The cited lines describe commands users may run as part of the HyperFrames workflow.
scripts/lib/storyboard.mjs:107scripts/lib/tokens.mjs:27scripts/transitions.mjs:76
Regex exec Alerts Are False Positives
The script findings labeled as Python exec or process exec are RegExp.exec calls used for parsing headings, colors, and transition HTML. These do not execute code.
SKILL.md:191SKILL.md:192references/story-design.md:5
Path Traversal Alerts Are Documentation Relative Paths
Several path traversal alerts refer to documentation links such as ../hyperframes-core and ../hyperframes-animation. These are intended skill reference paths, not code that reads arbitrary parent directories.
scripts/lib/tokens.mjs:27scripts/lib/tokens.mjs:107references/visual-design.md:58
Weak Cryptography Alerts Are Color and Design Vocabulary
The weak cryptography alerts are caused by terms such as hex colors, chroma, blur, and visual design language. I did not find hashing, encryption, or cryptographic verification code in the reviewed context.

风险因素

⚙️ 外部命令 (6)
scripts/audio.mjs:23 scripts/audio.mjs:85 SKILL.md:32 SKILL.md:92 SKILL.md:109 SKILL.md:151
📁 文件系统访问 (9)
scripts/build-frame.mjs:27-28 scripts/build-frame.mjs:147 scripts/build-frame.mjs:260 scripts/audio.mjs:70 scripts/audio.mjs:155 scripts/captions.mjs:165 scripts/captions.mjs:178 scripts/captions.mjs:202 scripts/assemble-index.mjs:348
🔑 环境变量 (1)
scripts/audio.mjs:71
🌐 网络访问 (2)
scripts/assemble-index.mjs:323 scripts/captions.mjs:452
⚡ 包含脚本 (5)
scripts/build-frame.mjs:1 scripts/audio.mjs:1 scripts/captions.mjs:1 scripts/transitions.mjs:1 scripts/assemble-index.mjs:1

检测到的模式

child_process.spawnSync UsageEnvironment-Controlled Engine PathHardcoded External Script URL
← 返回技能